Tag Archives: read

Some Periodic Reviews Provide Little Assurance

securityI’ve written before how some periodic reviews provide management with little assurance, but management doesn’t realize how little.

My previous post focused mostly on server access´┐╝. In this post, I want to look at normal user access.

For example, let’s assume your company has a policy that states that all IDs must be assigned within an Active Directory group. In other words, IDs are assigned to groups, and groups are assigned to assets; IDs should not be assigned directly to an asset.

Assume the control you are testing states that user access is reviewed annually.

Continue reading

Leave a comment

Filed under Audit, Security, Technology

For Easier Reading and Linking, click PRINT

Click Print for easy reading and linkingTo make it easier to read articles on the Internet that span multiple pages, look for a Print button or link on the page.

Most of the time, the link is at the bottom of the page, but sometimes the Print link is at the top (of course, not all web sites offer this, but most of the online magazines do).

Continue reading

Leave a comment

Filed under How to..., Written by Skyyler