Tag Archives: share

How to Audit User Access

How to Audit User AccessWhen checking system access, make sure you look at all the different items that affect the user’s access. For example, the user might need one or more of the following:

  • Application ID
  • Application role or group
  • Membership in an local server group, Active Directory (AD) group, or UNIX Group
  • Access to the application’s share and/or folder on the server
  • Database ID
  • Database role, including access permissions (read/write)
  • Other permission (from a home-grown application code or enterprise identify management system)

Continue reading

5 Comments

Filed under Audit, How to..., Security, Technology

What IT Auditors Ought to Know – and Don’t!

Here’s my list of IT/security basics that I think IT auditors ought to know. If you can’t understand and audit these items, you do not know enough about technology to avoid having the wool pulled over your irises (not matter how good an auditor you are). The list is in no particular order.

If you’re a CISA or CISSP and you don’t know the following, I think you have some work to do.

Continue reading

37 Comments

Filed under Audit, How to..., Security, Technology

How to do an Easy Server Share Audit

Okay, so you’re not up to a wastebasket audit? Too demeaning, too sneaky, too many sticky candy wrappers? How about a simple server share audit?

Many companies have shared drives, and then they have “over-shared” drives, those locations where anyone who needs a space to store files that they share with a couple departments. Or perhaps your company just doesn’t lock their shares according to the least privilege principle.

Continue reading

1 Comment

Filed under Audit, How to...