Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
pardofelis
Viewer
‎10-24-2020 05:09 AM
‎10-24-2020 05:09 AM

Integrity violation du to “policy oversight”

Hi everyone,

I am not sure this is the right group to ask - in the official ISC2 CISSP Study Guide they mention that integrity violations can occur because of an oversight in a security policy (p. 116).

Maybe I am reading this wrong (English is not my mother’s tongue) but isn’t “oversight in a security policy” just a method for detecting an integrity violation, not the cause of it ?

Thanks for your help.
Reply
0 Kudos
2 Replies
CraginS
Defender I
‎10-24-2020 08:04 AM
‎10-24-2020 08:04 AM

@pardofelis wrote:
Hi everyone,
I am not sure this is the right group to ask - in the official ISC2 CISSP Study Guide they mention that integrity violations can occur because of an oversight in a security policy (p. 116).
Maybe I am reading this wrong (English is not my mother’s tongue) but isn’t “oversight in a security policy” just a method for detecting an integrity violation, not the cause of it ?
Thanks for your help.

Peter,

An excellent question. I suspect the challenge comes from two different interpretations in the phrase because oversight has a couple of different meanings. Oversight can mean either a process of monitoring and checking validity of operations, as in the oversight of financial records by an an internal auditor. Oversight can also mean a failure to include necessary details in a decision or document, as in an oversight by the staff caused the measurements to be in metric rather than the expected imperial units.

 

In this situation, I believe that the latter meaning of oversight is the correct one, and the phrase mean that a security policy intended to protect the integrity of data failed because the cross check of input data against a reference database did not take place.

 

Others may have more observations join the question.

I hope this helps.

 

Craig

 

 

D. Cragin Shelton, DSc
Dr.Cragin@iCloud.com
My Blog
My LinkeDin Profile
My Community Posts
Reply
Steve-Wilme
Advocate II
‎10-26-2020 07:05 AM
‎10-26-2020 07:05 AM

I think oversight in this context means an unintentional error of omission.  CraigS is correct the word has two entirely different meanings.

-----------------------------------------------------------
Steve Wilme CISSP-ISSAP, ISSMP MCIIS
Reply
0 Kudos