Since information is a company's most valuable resource, a security audit should focus on IT security. Getting information about the security procedures in your IT department is critical to your business. Are there any common IT security issues that we should pay attention to?

An IT security auditor should check that the information you use is securely kept and managed. Keeping information secure is not an art. There are some major points your admin should remember. First, keep data in a secure place, such as an encrypted hard disk. Second, make sure only authorized persons can access certain information. Third, make sure an intruder cannot get your data.

To audit the backup process, it is enough to emulate a system crash. How long will it take to recover the whole system? Will all the data be recovered? What data will be lost? Once the auditor has these figures, compare them against the industry norm, e.g. benchmark your backup process metrics against your colleagues'.

What about checking that only authorized persons can access sensitive data? That is harder than checking backups. Start by making sure that the authorized administrator has a clear structure of who has access to the sensitive data. There may be levels of access, but the whole system must be described clearly. This is the key part of secure authorization and information sharing.

Most important: how do your people manage secure information? Is there a chance of secure information being copied, i.e. possible information leakage? Are there people who are unaware of the security measures used within the company? Do users follow an appropriate password policy? There are many more questions about possible security leaks and must-scan issues. How do you know what the security expert should scan? It depends on how a potential intruder could get your data.
It's necessary to use a file shredder (preferably one that runs in background mode) to make sure deleted data cannot be recovered.

How do you check whether users manage files properly? Try to find possible breaks in security. For instance, someone may keep files not in the document management system, which is protected with strong encryption, but on a local hard disk, protecting them with an easy-to-crack password.

Can people at your company use flash drives? It's very dangerous, as it would be easy to copy sensitive data and take it out of the company, but some businesses really do require information to be copied to flash drives. What is the solution? Try to monitor the actual information that is copied to these drives. For instance, if a user copies password-protected files, it might be a security issue.

Checking passwords is another task. Short or known passwords will not work. Make sure there is a password policy that tells what passwords are good and why. Make sure people follow this policy.
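As an added example (not part of the original article), the check for password-protected files kept on a local disk or copied to a flash drive can be scripted. The function names, file names and sample data below are assumptions made for illustration, and the Office check is a heuristic based on the file header.

```python
import os
import zipfile

OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # OLE compound file signature
OOXML_EXTS = {".docx", ".xlsx", ".pptx"}

def classify(path):
    """Return why a file looks password protected, or None if it does not."""
    with open(path, "rb") as fh:
        head = fh.read(8)
    # Heuristic: a protected OOXML file is an OLE container, not a "PK" ZIP.
    if os.path.splitext(path)[1].lower() in OOXML_EXTS and head == OLE_MAGIC:
        return "encrypted Office document"
    if zipfile.is_zipfile(path):
        try:
            with zipfile.ZipFile(path) as zf:
                # Bit 0 of the general purpose flag marks an encrypted member.
                if any(i.flag_bits & 0x1 for i in zf.infolist()):
                    return "encrypted ZIP member"
        except zipfile.BadZipFile:
            return "unreadable ZIP"
    return None

def audit_tree(root):
    """Walk a folder (local disk or mounted flash drive) and list findings."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            try:
                reason = classify(full)
            except OSError:
                reason = "unreadable file"
            if reason:
                findings[os.path.relpath(full, root)] = reason
    return findings

def build_sample_tree(root):
    """Constructed sample: plain ZIP, ZIP flagged encrypted, .docx with OLE header."""
    plain = os.path.join(root, "plain.zip")
    with zipfile.ZipFile(plain, "w") as zf:
        zf.writestr("readme.txt", "public notes")
    with open(plain, "rb") as fh:
        raw = bytearray(fh.read())
    raw[raw.find(b"PK\x01\x02") + 8] |= 0x01  # set the flag in the directory entry
    samples = {"locked.zip": raw, "plan.docx": OLE_MAGIC + bytes(504)}
    for name, data in samples.items():
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(data)
```

Point `audit_tree` at a user's document folder or a mounted removable drive; each finding is a file the auditor should ask about, not proof of a leak.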
Article Source: http://www.rightarticle.com
If you are interested in information security auditing, check Sam Miller's new website.