Solved

ops & security audit

Posted on 2011-09-16
4
392 Views
Last Modified: 2012-05-12
We have some local primary schools and libraries who want (with little budget) some guidance on what a top level IT audit / operations audit should look at and include. They have very little budget and could probably get a partner specialist to spend a day / day and a half to allow someone to review there network from security and operations best practice. Can you provide say “10 areas” that would be priority in a small setup that should be reviewed, which would take priority so they know they are getting the right areas reviewed for what budget they have?
0
Comment
Question by:pma111
  • 2
  • 2
4 Comments
 
LVL 19

Accepted Solution

by:
CoccoBill earned 500 total points
ID: 36553379
From top of my head:

- security policy and others, e.g. acceptable use policies
- patch management
- backup and restore
- change management
- logging and monitoring
- configuration management (servers, workstations, switches/routers and firewalls)
- hardware and software inventory, license management
- incident management
- account management

1-1.5 work days is not a lot to cover those and do the reporting, but it should be possible to at least quickly go through all of the areas in an interview workshop and find any major issues.
0
 
LVL 3

Author Comment

by:pma111
ID: 36556530
Thanks for the input

would security policy include the technical AD security domain policy?

And how would they audit incident management at a technical level?

Thanks
0
 
LVL 19

Expert Comment

by:CoccoBill
ID: 36556549
By security policy I meant the policy documents that state the goals, responsibilities, roles, standards, guidance etc for security management within your organization. AD domain policy (password policies etc) would rather fall under account management I guess. None of the areas require a technical assessment and for some like incident management they're not really even possible. Reviewing of any existing documentation/guidance/processes and interview workshops should be the easiest way to go about this.
0
 
LVL 3

Author Comment

by:pma111
ID: 36556560
Ok many thanks for your assistance
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

How important is it to take extra precautions to protect your online business? These are some steps you can take to make sure you're free of any cyber crime.
These days, all we hear about hacktivists took down so and so websites and retrieved thousands of user’s data. One of the techniques to get unauthorized access to database is by performing SQL injection. This article is quite lengthy which gives bas…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…

863 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now