@pardofelis wrote: Hi everyone, I am not sure this is the right group to ask - in the official ISC2 CISSP Study Guide they mention that integrity violations can occur because of an oversight in a security policy (p. 116). Maybe I am reading this wrong (English is not my mother tongue) but isn’t “oversight in a security policy” just a method for detecting an integrity violation, not the cause of it? Thanks for your help.
An excellent question. I suspect the challenge comes from two different interpretations in the phrase because oversight has a couple of different meanings. Oversight can mean either a process of monitoring and checking validity of operations, as in the oversight of financial records by an internal auditor. Oversight can also mean a failure to include necessary details in a decision or document, as in an oversight by the staff caused the measurements to be in metric rather than the expected imperial units.
In this situation, I believe that the latter meaning of oversight is the correct one, and the phrase means that a security policy intended to protect the integrity of data failed because the cross check of input data against a reference database did not take place.
Others may have more observations on the question.