Security Basics mailing list archives
A question about Access controls
From: Faheem SIDDIQUI <fahimdxb () gmail com>
Date: Sat, 04 Nov 2006 22:53:13 +0400
Hi AllThe job at hand is to target the points raised in the last years IT Auditing report and be able to help client come clear ( at least 80-90%) this year ending Dec 2006.
Having taken care of some of the other issues, the main ones still pending happen to belong to the Access Controls.
The points raised by E & Y guys were: 1. System utilities be controlled, monitored and challenged by someone. 2. Periodic review of access privileges. 3. Response and investigative procedures be put in place and4. A report listing user profiles and access controls be generated from system on regular basis.
The setup has two Network Administrators managing about 25 Windows 2003 servers (Windows AD/NAS/SAN/Mail Exchange/Websense etc) and about a dozen programming and development team members. All are overworked as usual with little to none segregation of duties, not even on paper.
How to satisfy auditors this year? Any/all ideas would be appreciated. --------------------------------------------------------------------------- This list is sponsored by: Norwich University EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINEThe NSA has designated Norwich University a center of Academic Excellence in Information Security. Our program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Using interactive e-Learning technology, you can earn this esteemed degree, without disrupting your career or home life.
http://www.msia.norwich.edu/secfocus ---------------------------------------------------------------------------
Current thread:
- VPN relied upon for method of encryption nospam (Nov 03)
- A question about Access controls Faheem SIDDIQUI (Nov 06)
- Re: A question about Access controls Kern (Nov 10)
- Segregation of duties trivia Faheem SIDDIQUI (Nov 14)
- RE: Segregation of duties trivia David Gillett (Nov 15)
- Re: A question about Access controls Faheem SIDDIQUI (Nov 14)
- Re: A question about Access controls Kern (Nov 10)
- A question about Access controls Faheem SIDDIQUI (Nov 06)