What is the most effective means of determining that controls are functioning properly within an operating
system?
A. Interview with computer operator
B. Review of software control features and/or parameters
C. Review of operating system manual
D. Interview with product vendor
Explanation:
Various operating system software products provide parameters and options for the tailoring of the system and
activation of features such as activity logging. Parameters are important in determining how a system runs
because they allow a standard piece of software to be customized to diverse environments. The reviewing of
software control features and/or parameters is the most effective means of determining how controls are
functioning within an operating system and of assessing an operating system’s integrity.
The review of software control features and/or parameters would be part of your security audit. A security audit
is typically performed by an independent third party to the management of the system. The audit determines the
degree to which the required controls are implemented.
A security review is conducted by the system maintenance or security personnel to discover vulnerabilities
within the system. A vulnerability occurs when policies are not followed, misconfigurations are present, or flaws
exist in the hardware or software of the system. A system review is sometimes referred to as a vulnerability
assessment.
Incorrect Answers:
A: An interview with the computer operator is not an effective means of determining that controls are
functioning properly within an operating system because the computer operator will not necessarily be aware of
the detailed settings of the parameters.
C: The operating system manual should provide information as to what settings can be used but will not give
any hint as to how parameters are actually set.
D: An interview with the product vendor is not an effective means of determining that controls are functioning
properly within an operating system because the product vendor will not be aware of the detailed settings of the
parameters.