External IT company auditing security and policies

We have an external IT company auditing our security and policies. What kind of access should we give them? Should we be worried about auditing the auditors?

Troubleshooter24755 pointsBadges:

Linux Key Audit checklists

Is there any standard LINUX Audit checklist procedure for assessment?

Dharmagrao100 pointsBadges:

Auditing administration tasks via the GUI

I have a requirement to monitor (audit) administrator users in our Windows environment but can't find anybody who can provide a tool that will let me record and play back the GUI-based activity. I can track the CLI based activity. Anybody know of a utility/tool that will let me track the GUI...

Neil535 pointsBadges:

Auditing features in Windows Server 2003

How can I make auditing in Windows Server 2003 and how we can see who is last one access the file?

Bv5 pointsBadges:

Checklists for Router, Firewall and Switch security

I have recently been shifted to Information security audit department. I need some checklists to check the security compliance for Router, Switch, and Firewall. Please provide me some checklists to audit the same.

ISMS130 pointsBadges:

Road to become a Security Auditor?

Hi, I am really confused about way to follow to become a Security Auditor... and the opportunities it has in future.. esp. in India? Currently I am working as a Security Consultant but dealing only with Security Related products including Firewalls, NMS, IPS etc and not Standards like BS7799,...

Ind5 pointsBadges:

Exporting Windows server 2003 SAM database for external security audit

We need to export the windows server 2003 SAM database to a standalone server for an external security audit. Where do I find this file or how can I export the data needed?

NewnanIT1,110 pointsBadges:

Analyzing Security Audit Journal

Hello, could you please tell me where can I find a book, guide or course about Tracking and Analizing Security Audit Journal on iSeries?  I have tried Appendix F on Security Guide but there are not all entries and it does not explain how to analize records in journal.  Thanks a lot

Fabypaumc15 pointsBadges:

Security audit of access within Active Directory 2008 network

We need to do a security audit to see what users have access to what within our Active Directory 2008 network. Is there a free tool to help with this and possibly reassign permissions based on rules?

Troubleshooter24755 pointsBadges:

Network Security refresher training

Hello, I was wondering if anyone can refer me to a good and basically free online network auditing, testing, documentation resource available online. thank you.

Fwguyus5 pointsBadges:

Security Audit

what form or procedeure would you use for a final security Audit after the Avaya system is installed?

HubeHube20 pointsBadges:

HBSS Question

Does anyone know how to pull the AV logs from hosts McAfee Agent remotely from the ePO Server?

GasPerez20 pointsBadges:

ISO 27001 help?

Hello, I'm a student at UAT and am attempting to find out what would the best way be to implement ISO 27001 framework from the ground up. Has anyone here set it up from nothing, and what recommendations do you have starting this up?

GasPerez20 pointsBadges:

Deciphering Event Log ID 529 Audit Failure

We have a small network (less than 50 workstations), and I notice in the Security Event Logs of each workstation there will usually be several audit failures. For example: Event Type: Failure Audit Event Source: Security Event Category: Logon/Logoff Event ID: 529 Date: 3/30/2009 Time: 8:19:25 AM...

SamR5 pointsBadges:

Auditor prohibited from using Yahoo mail or other research need for the company

In our company, the IT department set some policies to be able to control accessing inappropriate sites and other illegal sites. As an auditor, are we exempt from their policies because even accessing Yahoo mail is banned? There are times we need to research needed by the Top Management but we...

Elgin5 pointsBadges:

Information on IT Auditing

Where can I get the information on IT auditing from this site? Thank You.

ss38135 pointsBadges:

Securitiy Auditing in AS400

Dear all ! In our company we are using power 720 server for our application. Some of us in the Admin side we have the access to all the objects and can do any changes. But i as a super admin i just want to record all the activities of another person like changes in PF and job ending and all...

Sureyz2,880 pointsBadges:

Can a company do an ISO 17799/27001 certification in-house?

Can a company do an ISO 17799/27001 certification in-house or does it require a third party to come in and do it? what about after that - are recertifications required or can that be done in house with an internal auditor?

Security Channel ATE15 pointsBadges:

How to tackle the security risk an IT administrator generates

Hello, im an auditor for global copany risks. One of the things that we look for is sepperation of functions. shortly said, you don't want the same person creating your bill's and be able to pay them (because he presents a serious security risk for commiting fraud.) Now what to do with an Domain...

Nauthiz5 pointsBadges:

Remote printer service pose security risk?

The IT auditors have pointed some of my boxes (SUSE, Solaris 10 and AIX) have [strong]remote printer service[/strong] running and that is a potent security violation. I am confused what is remote printer service and how do I disable the same. I need the help. A prompt response is appreciable.

RanaSarkar30 pointsBadges: