When checking system access, make sure you look at all the different items that affect the user’s access. For example, the user might need one or more of the following:
- Application ID
- Application role or group
- Membership in an local server group, Active Directory (AD) group, or UNIX Group
- Access to the application’s share and/or folder on the server
- Database ID
- Database role, including access permissions (read/write)
- Other permission (from a home-grown application code or enterprise identify management system)
Continue reading →
Like this:
Like Loading...
Filed under Audit, How to..., Security, Technology
Tagged as access, active, AD, admin, application, Audit, batch, confidential, contractor, data, database, directory, employee, file, financial, folder, format, generic, group, hipaa, HR, ID, LDAP, log, membership, new, non-personal, OS, PCI, permission, personal, role, script, setup, share, sox, system, Unix, user
If you’re an IT auditor (or want to be one) and don’t have any audit certifications, which certification should you get, the CISA or the CIA? If you want to get both, which one do you get first?
Full disclosure: I have the CISA, but not the CIA. Back when the CIA was 4 exams, I studied for all the CIA exams except the financial exam, but ended up not taking any of the exams. I also have the CISSP.
Continue reading →
Like this:
Like Loading...
Filed under Audit, Certification, Security, Technology
Tagged as Audit, auditor, basics, certification, cia, cisa, cism, CISSP, cost, cpe, dummies, exam, financial, gold standard, guide, iia, internal, isaca, isc2, IT, learn, master, mcse, path, pay, perception, risk, salary, Security, study, survey, trifecta, tutorial
When checking system access, make sure you look at all the different items that affect the user’s access. For example, the user might need one or more of the following:
ITauditSecurity 