ActiveDirectory

Has the new Active Directory evolved to meet the needs of the Users - SAS70

With the release of Windows 2000, ActiveDirectory fire appeared and is not on its fourth version. New changes with Windows Server 2008 are: 1) a new domain controller model aimed at branches, new object restoration options, ability to take snapshots backups, and more flexible password policies. When performing a SAS 70 audit, many auditors use applicaitons, such as dumpsec, to gather information that is stored in Active Directory, What tools do you use to gather user permissions within your applications?  sas70expert at gmail.com

Have you checked your email today? – SAS70

When considering the scope of your SAS 70 audit, do you consider email an important company asset? Would it contain critical information on your customers? 9 out 10 times an email will contain customer financial data, executive contact information, and related gossip. Some SAS 70 audits fail to note the importance of maintaining security of company email systems.

Email systems must be protected from internal and external threats. Other employees gaining access to other’s email systems or hackers trying to break into your email servers could walk away with critical information. Executives would not be happy when receiving notice of a lawsuit by a customer because a hacker gained the schematics of their datacenter.

If you are using ActiveDirectory, perform periodic reviews users with access to email. In addition, limit administrators to as few as possible. Make sure your user access procedures are documented, approved, and implemented for your company. Terminated employees must be removed from email access immediately. Implementing these fundamental controls will assist you in completion of your SAS70 audit. SAS70expert@gmail.com