Windows Security – Audit Risk

70 pts.
Tags:
IT auditing
OS
Windows Security
I am performing internal audit on windows security monitoring process.  The client performs periodic review of windows domain administrators to detect if there were any unauthorized access.  For one of the review, we found out the individual was reviewing her own activity. My first thought is that this could be an SoD conflict.

I am trying to understand the audit risk with this process.  There is no financial systems in scope that sit on Windows OS except for ADP, which is managed by third party vendor.  Is there any financial audit risk with this?  If the domain admin did attempt to login to windows, would there be any impact to the financial systems or is this just security risk with windows only?  Appreciate any insights on this.  Thanks.  John.



Software/Hardware used:
Windows
ASKED: November 5, 2009  7:33 PM
UPDATED: November 7, 2009  12:33 AM

Answer Wiki

Thanks. We'll let you know when a new response is added.

If the ADP database lives on that server, there could a security risk. To avoid the risk the database files should be encrypted and access should be restricted by a separate set of login credentials.

Discuss This Question:  

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

To follow this tag...

There was an error processing your information. Please try again later.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Thanks! We'll email you when relevant content is added and updated.

Following