Okay, so you’re not up to a wastebasket audit? Too demeaning, too sneaky, too many sticky candy wrappers? How about a simple server share audit?
Many companies have shared drives, and then they have “over-shared” drives, those locations where anyone who needs a space to store files that they share with a couple departments. Or perhaps your company just doesn’t lock their shares according to the least privilege principle.
WARNING: Before you start, think about the repercussions if your searches are discovered. It always helps to have a GOOJ card.
To audit a share, execute a search for key words such as these:
- SSN
- social security
- ???-??-???? (where ? = wild card)
- password
- confidential/trade secret
- secret
- theft/steal/fraud/lawsuit
- appraisal/salary/pay raise/demotion
- intellectual property
- .mp3, .avi, .mov, .mpg, .wmv, .qt, etc. (video formats)
- <names of sensitive projects or terms at your company>
- <words like sex, nude, naked, xxx>
- <swear words, explicit body parts>
- medical history (or other sensitive types of data your company collects)
Since the server does all the work, you can fire off the search before lunch or right before you go home.
If you make copies of the files as evidence, I’d suggest that you encrypt your collection to prevent someone else from viewing them–you don’t need two locations leaking this type of info, especially if it’s “visually sensitive.”
P.S. I expect my blog traffic to go up a bit due to some of those key words/tags. :)
ITauditSecurity 
Pingback: New IT Auditors Should Start Here | ITauditSecurity