Performing the Audit

Previous page
Table of content
Next page

The keys to a successful audit of Windows servers or clients is to thoroughly review the host by itself and in conjunction with the many other possible connections that pass data to and from the host.

The following audit steps focus only on the host and do not cover extensive reviews of overlying applications or trust relationships with outside systems. Also not covered are data input and data output methods or their validity. You would cover these on a per-host basis using techniques and tools covered elsewhere in this book. The steps here are typical of many server audits and represent a good tradeoff between the number of risks covered and the amount of time it takes to review the host.

Note 

The test steps in this chapter focus on testing the logical security of Windows boxes, as well as processes for maintaining and monitoring that security. However, there are other internal controls that are critical to the overall operations of a computing environment, such as physical security, disaster-recovery planning, backup processes, change management, capacity planning, and system monitoring. These topics are covered in Chapter 4 and should be included in your audit if they have not already been covered effectively in a separate data center or entity-level information technology (IT) controls audit.


Previous page
Table of content
Next page
IT Auditing. Using Controls to Protect Information Assets
It Auditing: Using Controls to Protect Information Assets [IT AUDITING -OS N/D]
ISBN: B001TI1HNG
EAN: N/A
Year: 2004
Pages: 159
BUY ON AMAZON
MySQL Stored Procedure Programming
Interprocess Communications in Linux: The Nooks and Crannies
A+ Fast Pass
Professional Java Native Interfaces with SWT/JFace (Programmer to Programmer)
Excel Scientific and Engineering Cookbook (Cookbooks (OReilly))
Mastering Delphi 7
flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net
Privacy policy