https://community.isc2.org/t5/Governance-Risk-Compliance/Integrity-violation-du-to-policy-oversight/m-p/40211#M158 Hi everyone,<BR /><BR />I am not sure this is the right group to ask - in the official ISC2 CISSP Study Guide they mention that integrity violations can occur because of an oversight in a security policy (p. 116).<BR /><BR />Maybe I am reading this wrong (English is not my mother’s tongue) but isn’t “oversight in a security policy” just a method for detecting an integrity violation, not the cause of it ?<BR /><BR />Thanks for your help. Sat, 24 Oct 2020 09:09:33 GMT pardofelis 2020-10-24T09:09:33Z https://community.isc2.org/t5/Governance-Risk-Compliance/Integrity-violation-du-to-policy-oversight/m-p/40211#M158 Hi everyone,<BR /><BR />I am not sure this is the right group to ask - in the official ISC2 CISSP Study Guide they mention that integrity violations can occur because of an oversight in a security policy (p. 116).<BR /><BR />Maybe I am reading this wrong (English is not my mother’s tongue) but isn’t “oversight in a security policy” just a method for detecting an integrity violation, not the cause of it ?<BR /><BR />Thanks for your help. Sat, 24 Oct 2020 09:09:33 GMT https://community.isc2.org/t5/Governance-Risk-Compliance/Integrity-violation-du-to-policy-oversight/m-p/40211#M158 pardofelis 2020-10-24T09:09:33Z https://community.isc2.org/t5/Governance-Risk-Compliance/Integrity-violation-du-to-policy-oversight/m-p/40212#M159 <BLOCKQUOTE><HR /><a href="https://community.isc2.org/t5/user/viewprofilepage/user-id/505092887">@pardofelis</a>&nbsp;wrote:<BR />Hi everyone,<BR />I am not sure this is the right group to ask - in the official ISC2 CISSP Study Guide they mention that integrity violations can occur because of an oversight in a security policy (p. 116).<BR />Maybe I am reading this wrong (English is not my mother’s tongue) but isn’t “oversight in a security policy” just a method for detecting an integrity violation, not the cause of it ?<BR />Thanks for your help.<HR /></BLOCKQUOTE><P>Peter,</P><P>An excellent question. I suspect the challenge comes from two different interpretations in the phrase because <EM>oversight</EM> has a couple of different meanings. <EM>Oversight</EM> can mean either a process of monitoring and checking validity of operations, as in the oversight of financial records by an an internal auditor. <EM>Oversight</EM> can also mean a failure to include necessary details in a decision or document, as in an <EM>oversight</EM> by the staff caused the measurements to be in metric rather than the expected imperial units.</P><P>&nbsp;</P><P>In this situation, I believe that the latter meaning of oversight is the correct one, and the phrase mean that a security policy intended to protect the integrity of data failed because the cross check of input data against a reference database did not take place.</P><P>&nbsp;</P><P>Others may have more observations join the question.</P><P>I hope this helps.</P><P>&nbsp;</P><P>Craig</P><P>&nbsp;</P><P>&nbsp;</P> Sat, 24 Oct 2020 12:04:50 GMT https://community.isc2.org/t5/Governance-Risk-Compliance/Integrity-violation-du-to-policy-oversight/m-p/40212#M159 CraginS 2020-10-24T12:04:50Z https://community.isc2.org/t5/Governance-Risk-Compliance/Integrity-violation-du-to-policy-oversight/m-p/40237#M160 <P>I think oversight in this context means an unintentional error of omission.&nbsp; CraigS is correct the word has two entirely different meanings.</P> Mon, 26 Oct 2020 11:05:52 GMT https://community.isc2.org/t5/Governance-Risk-Compliance/Integrity-violation-du-to-policy-oversight/m-p/40237#M160 Steve-Wilme 2020-10-26T11:05:52Z