Hi folks, it has been a while since I posted. I’m not dead or in solitary confinement.
I’ve just been busy studying Python, and it has taken a bit of my time.
I’ll post something soon….
Anybody else working on Python?
Tag Archives: WHERE
Some Periodic Reviews Provide Little Assurance
I’ve written before how some periodic reviews provide management with little assurance, but management doesn’t realize how little.
My previous post focused mostly on server access. In this post, I want to look at normal user access.
For example, let’s assume your company has a policy that states that all IDs must be assigned within an Active Directory group. In other words, IDs are assigned to groups, and groups are assigned to assets; IDs should not be assigned directly to an asset.
Assume the control you are testing states that user access is reviewed annually.
Filed under Audit, Security, Technology
ITauditSecurity 