IT Answers » Security audits

How to tackle the security risk an IT administrator generates

Nauthiz — Wed, 11 May 2011 07:43:32 +0000

Hello, im an auditor for global copany risks. One of the things that we look for is sepperation of functions. shortly said, you don’t want the same person creating your bill’s and be able to pay them (because he presents a serious security risk for commiting fraud.)

Now what to do with an Domain Administrator (IT department), he has access to all systems because of his job. Is theire some way to eliminate that risk?

Which auditing solution should be used for banking service?

Linux - Ask the Expert — Fri, 06 Nov 2009 17:05:57 +0000

I’m working in a firm specialized in providing banking
services. I’m working on a user control mechanism and as part of the mechanism
I need an auditing solution. Here are the requirements I have for my system:

Logging all the command that users enter and
preferably storing them on a per user basis (for instance the command log for
the user “navid” be stored as “navid.log”
The ability to search for incidents based on user,
command or time.
Ability to generate reports on a weekly basis.

I’ve looked into syslog, syslog-ng, ossec and open-audit
but I’m really not sure which one to go with.

Analyzing Security Audit Journal

Fabypaumc — Thu, 22 Oct 2009 14:46:53 +0000

Hello, could you please tell me where can I find a book, guide or course about Tracking and Analizing Security Audit Journal on iSeries? I have tried Appendix F on Security Guide but there are not all entries and it does not explain how to analize records in journal.

Thanks a lot

unchecking the ‘password never expires’

Jam — Fri, 28 Aug 2009 14:45:49 +0000

Hi, I have a number of domain users in Windows 2003 Server Active Directory Users and Computers. I believe these users to have the ‘password never expires’ check box ticked in their accounts. I do not know who or where their accounts reside, therefore, I would like to know how to obtain a list of these users in order to remove the tick and hence enable the expiration peroid. Unfortunatley the use of a GPO to enforce the policy has never been used. However, after locating and removing all those users with ‘password never expires’ enabled I intend to use a GPO to prevent AD accounts from never expiring. I hope I’ve explained myself well. Thanks.

How to do a security assessment in a hospital environment?

19770809 — Tue, 19 May 2009 09:47:25 +0000

Possible questions to ask to employee working in a hospital enironment when you are conducting security assessment?

Road to become a Security Auditor?

Ind — Thu, 26 Mar 2009 08:22:34 +0000

Question Edited by iloverevti99

Checklists for Router, Firewall and Switch security

ISMS — Wed, 04 Mar 2009 06:03:01 +0000

I have recently been shifted to Information security audit department. I need some checklists to check the security compliance for Router, Switch, and Firewall. Please provide me some checklists to audit the same.

Network Security refresher training

Fwguyus — Sun, 04 Jan 2009 20:12:02 +0000

Hello,

I was wondering if anyone can refer me to a good and basically free online network auditing, testing, documentation resource available online. thank you.

Can a company do an ISO 17799/27001 certification in-house?

Security Channel ATE — Tue, 25 Nov 2008 22:17:21 +0000

New Discussion Post by

Security Audit

HubeHube — Mon, 20 Oct 2008 21:04:25 +0000

what form or procedeure would you use for a final security Audit after the Avaya system is installed?