Recommended Internal Auditing Tasks

Internal audits can often leave an organization wondering where to start and where to end. Large internal environments can be quite intimidating at first. That is not to say, however, that internal audits have to be overly complex or crippling to the budget. The main goal of an internal audit should not be to simply find vulnerabilities, but to find the sources of vulnerabilities and take actions to stop them. This usually means internal auditors will spend a good deal of time reviewing internal security policies and auditing how well they are enforced. Here are some good audit tasks to include:

  • Make sure you know what is out there. Perform a basic network scan of all address ranges used by the environment. Keep an eye out for any unknown servers and routers as well as any suspicious systems, such as unknown laptops or desktops running numerous services. In addition, talk to people in different areas, look at inventory reports, and perform physical searches for unknown systems and devices.

  • Perform a risk assessment process. We already covered a good assessment process in Chapter 8, Practical Security Assessments. This or another risk assessment process should be performed on all internal servers, routers, rooms, and network connection links.

  • Search for technical vulnerabilities. Perform an internal network-based vulnerability scan against all systems and devices. Be sure to choose the correct policies and to make this a coordinated effort to avoid any unexpected outages or issues.

  • Check if departments and users are conforming to desktop and application policies. Perform a desktop sampling audit as discussed earlier in this appendix.
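
One way to carry out the comparison in the first task (scan results against inventory reports), as an added example that is not from the book: the Python below parses nmap grepable (-oG) output and lists hosts missing from the inventory, inventoried hosts that did not answer, and unknown or desktop-class systems running many services. The sample scan lines, the inventory, the function names and the threshold of four open services are constructed assumptions.

```python
import ipaddress
import re

# Constructed sample: nmap grepable (-oG) style lines for an internal range.
SCAN_OUTPUT = """\
Host: 10.20.0.5 (fs01.corp.example)\tPorts: 445/open/tcp//microsoft-ds///, 3389/open/tcp//ms-wbt-server///
Host: 10.20.0.9 ()\tPorts: 22/open/tcp//ssh///, 80/closed/tcp//http///
Host: 10.20.0.77 ()\tPorts: 21/open/tcp//ftp///, 22/open/tcp//ssh///, 80/open/tcp//http///, 3306/open/tcp//mysql///, 5900/open/tcp//vnc///
Host: 10.20.0.12 (rtr-core.corp.example)\tStatus: Up
"""

# Constructed inventory report: address -> recorded role.
INVENTORY = {"10.20.0.5": "server", "10.20.0.12": "router", "10.20.0.30": "desktop"}

HOST_RE = re.compile(r"^Host: (\S+) \((.*?)\)\t(.*)$")
SERVICE_THRESHOLD = 4  # assumption: what counts as "numerous services"

def by_address(ips):
    """Sort numerically so 10.20.0.9 comes before 10.20.0.77."""
    return sorted(ips, key=ipaddress.ip_address)

def parse_scan(text):
    """Return {ip: sorted open ports} for every host that answered the scan."""
    hosts = {}
    for line in text.splitlines():
        m = HOST_RE.match(line)
        if not m:
            continue  # comment lines and anything that is not a host record
        ports = hosts.setdefault(m.group(1), set())
        for field in m.group(3).split("\t"):
            if not field.startswith("Ports: "):
                continue
            for entry in field[len("Ports: "):].split(", "):
                parts = entry.split("/")  # port/state/proto/owner/service/...
                if len(parts) > 1 and parts[1] == "open":
                    ports.add(int(parts[0]))
    return {ip: sorted(p) for ip, p in hosts.items()}

def reconcile(scan, inventory, threshold=SERVICE_THRESHOLD):
    """Build the follow-up lists: unknown, not seen, and busy end-user systems."""
    busy = [ip for ip, ports in scan.items()
            if len(ports) >= threshold
            and inventory.get(ip, "unknown") in ("desktop", "laptop", "unknown")]
    return {"unknown": by_address(set(scan) - set(inventory)),
            "not_seen": by_address(set(inventory) - set(scan)),
            "many_services": by_address(busy)}

if __name__ == "__main__":
    for name, ips in reconcile(parse_scan(SCAN_OUTPUT), INVENTORY).items():
        print(f"{name}: {', '.join(ips) or '-'}")
```

Hosts in the "not_seen" list are candidates for the physical search and conversations the task describes, since a scan alone cannot tell a powered-off system from a retired one.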



Inside the Security Mind: Making the Tough Decisions
ISBN: 0131118293
Year: 2006
Pages: 119
Authors: Kevin Day
