cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
pardofelis
Viewer

Integrity violation du to “policy oversight”

Hi everyone,

I am not sure this is the right group to ask - in the official ISC2 CISSP Study Guide they mention that integrity violations can occur because of an oversight in a security policy (p. 116).

Maybe I am reading this wrong (English is not my mother’s tongue) but isn’t “oversight in a security policy” just a method for detecting an integrity violation, not the cause of it ?

Thanks for your help.
2 Replies
CraginS
Defender I


@pardofelis wrote:
Hi everyone,
I am not sure this is the right group to ask - in the official ISC2 CISSP Study Guide they mention that integrity violations can occur because of an oversight in a security policy (p. 116).
Maybe I am reading this wrong (English is not my mother’s tongue) but isn’t “oversight in a security policy” just a method for detecting an integrity violation, not the cause of it ?
Thanks for your help.

Peter,

An excellent question. I suspect the challenge comes from two different interpretations in the phrase because oversight has a couple of different meanings. Oversight can mean either a process of monitoring and checking validity of operations, as in the oversight of financial records by an an internal auditor. Oversight can also mean a failure to include necessary details in a decision or document, as in an oversight by the staff caused the measurements to be in metric rather than the expected imperial units.

 

In this situation, I believe that the latter meaning of oversight is the correct one, and the phrase mean that a security policy intended to protect the integrity of data failed because the cross check of input data against a reference database did not take place.

 

Others may have more observations join the question.

I hope this helps.

 

Craig

 

 

D. Cragin Shelton, DSc
Dr.Cragin@iCloud.com
My Blog
My LinkeDin Profile
My Community Posts
Steve-Wilme
Advocate II

I think oversight in this context means an unintentional error of omission.  CraigS is correct the word has two entirely different meanings.

-----------------------------------------------------------
Steve Wilme CISSP-ISSAP, ISSMP MCIIS