Solved

ops & security audit

Posted on 2011-09-16
4
401 Views
Last Modified: 2012-05-12
We have some local primary schools and libraries who want (with little budget) some guidance on what a top level IT audit / operations audit should look at and include. They have very little budget and could probably get a partner specialist to spend a day / day and a half to allow someone to review there network from security and operations best practice. Can you provide say “10 areas” that would be priority in a small setup that should be reviewed, which would take priority so they know they are getting the right areas reviewed for what budget they have?
0
Comment
Question by:pma111
  • 2
  • 2
4 Comments
 
LVL 19

Accepted Solution

by:
CoccoBill earned 500 total points
ID: 36553379
From top of my head:

- security policy and others, e.g. acceptable use policies
- patch management
- backup and restore
- change management
- logging and monitoring
- configuration management (servers, workstations, switches/routers and firewalls)
- hardware and software inventory, license management
- incident management
- account management

1-1.5 work days is not a lot to cover those and do the reporting, but it should be possible to at least quickly go through all of the areas in an interview workshop and find any major issues.
0
 
LVL 3

Author Comment

by:pma111
ID: 36556530
Thanks for the input

would security policy include the technical AD security domain policy?

And how would they audit incident management at a technical level?

Thanks
0
 
LVL 19

Expert Comment

by:CoccoBill
ID: 36556549
By security policy I meant the policy documents that state the goals, responsibilities, roles, standards, guidance etc for security management within your organization. AD domain policy (password policies etc) would rather fall under account management I guess. None of the areas require a technical assessment and for some like incident management they're not really even possible. Reviewing of any existing documentation/guidance/processes and interview workshops should be the easiest way to go about this.
0
 
LVL 3

Author Comment

by:pma111
ID: 36556560
Ok many thanks for your assistance
0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

One of the biggest threats in the cyber realm pertains to advanced persistent threats (APTs). This paper is a compare and contrast of Russian and Chinese APT's.
This article outlines the process to identify and resolve account lockout in an Active Directory environment.
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…

840 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question