This website uses cookies to ensure you have the best experience. Learn more

Security Audit Essay

1554 words - 7 pages

• The HoneyTree was hired by another company to conduct a security audit to examine the vulnerabilities of its information systems. To complete the security audit, it must be determined if there are vulnerabilities of its informational system. The set up and the overall security of the network area will be tested. The company is a five building campus. All five buildings, inside and outside will be tested. The perimeter of the campus will also be tested to make sure that no internet service is outside the campus. In order to complete the audit a list of all users, databases, and passwords will be needed. Access to the grounds to observe who has access to what will also be crucial. ...view middle of the document...

Also, security of the buildings will be tested. Who has access to rooms and the building as a whole will be monitored. Where are the servers being stored and who has access to that will also be noted. Walking around and trying to gain access and watching people gain access to the building and rooms inside. Who has access to computer labs and if there are any security features into using these computers. While walking outside observing if there are any security cameras and who can get into the buildings. These will be tactics in observing the security outside the campus and the security measures of the buildings themselves.
• The campus area network allows an interconnection between the LANs of the campus over the network. The Wi-Fi LAN in each building allows users in the area of the building to connect to the network. The campus area network is a limited area which only allows users within the area to connect. Many users can connect to the Wi-Fi LAN. The Wi-Fi is convent with no cables needed and can transfer data at a distance. The LAN is a small area with users. The speed should be fast and efficient. A router connects the networks together. It can distribute data traffic and allow only users with usernames and passwords to access it.
• The database server is a blade server. It is a program that equally distributes applications from the server to the clients. This server stores applications such as software or other servers which then allows users who connect to the server to use them.
• The internet and email server store, collect and transmit data from person to person. Email server transmits emails from person to person. The server takes in any internet sources or emails, searches for any viruses or malware store within them. This provides another form of security through the server itself.
• The backup server is used as a backup which is a good disaster recovery plan. If something were to happen to one server or a computer, the backups will be stored on the server.

• After completing the audit, there were some vulnerabilities found in the information systems set up. First, because the LAN features Wi-Fi, it is very possible that someone could hack into the network. The threat of eavesdropping will never completely disappear. Wireless LANs use radio frequencies and even though they could be encrypted, the right technology can allow people to listen in on communications. Second, war driving will not be a huge issue at this campus due to the fact that you must be on campus to receive Wi-Fi and you must have a proper username and password in order to log on. Authentication is used for users who want to connect to Wi-Fi. A user ID and password would be provided when attending the campus. Without the proper user ID and password, the secure network would deny all access. This authentication will help prevent both the eavesdropping and war driving issue. Third, a Wi-Fi LAN with multiple users can slow down...

Find Another Essay On Security Audit

How to enable the audit of Active Directory Objects in Windows 2008 R2

1217 words - 5 pages Policy” and select Edit to display the following window. Figure: Group Policy Management Editor 7. You’ve to browse through Computer Configurations > Policies > Windows Settings > Security Settings > Local Policies > Audit Policy, to access the auditing policies as show herein below. Figure: Audit Policy 8. Here, you can access the following audit policies. i) Audit account logon events ii) Audit account management iii) Audit directory

Auditor choice and institutional investor choice after the Enron scandal.

708 words - 3 pages French company tend to favour Big 4 audit firm, as the shareholder suffer lack of legal protection. Undeveloped financial security system make the role of Big 4 audit firm arise in some civil law countries and also developing market. However, the fall of Enron at the end of 2001 give impacts to the choice of auditor in the French firm. Arthur Anderson, ex Big 5 auditor firm play significant role in collapse of Enron. Based on the history, the

Security Risk Management SRM and Auditing

1022 words - 4 pages activities of the IT security function are varying in accordance with the criteria of size and sector"(Osborne 1998). The lack of management support is one of the key failures for IT project implementations (Johnson 1995). Similarly, without adequate management support, IT security audit would not accomplish much. Part of a balanced SRM is a proper risk evaluation or an audit. An IT security audit should be integrated into the corporate

Institutional Ownership

2007 words - 9 pages Audit Quality Indicators To date, there is no an absolute standard or benchmarks in describing audit quality of public companies’ financial statements. As mentioned earlier in the previous section, many researchers have conducted numerous studies to find a definite meaning of audit quality yet little consensus has been found. Standing Advisory Group (SAG) members of the Public Company Accounting Oversight Board (PCAOB) have taken an initiative

Steps to Enable File Access Auditing in Windows Server 2008 R2

882 words - 4 pages . Figure: Warning to edit a GPO 6. Read the message and click “OK” button. You can also check the box saying, “Do not show this message again”. 7. Right click on this new GPO and select “Edit” to display the following “Group Policy Management Editor”. Figure: Group Policy Management Editor 8. Browse the nodes Computer Configuration > Policies > Windows Settings > Security Settings > Local Policy, and click “Audit Policy” as shown herein below

Effect of CIS processing on the entity's internal control structure

3476 words - 14 pages controls, reduces the risks through general controls and application controls, and increases the effectiveness and efficiency of audit procedures by Computer Assisted Audit Techniques (CAATs).1. Effect of CIS processing on the entity's internal control structureAs a component of the internal control structure of an entity, a CIS has a number of roles. Such roles include actually performing controls in day-to-day transaction-processing activities and

Auditor General

2337 words - 10 pages and Section 16 (1) of the Finance and Audit (Reform) Act no 12 of 2005 the Auditor General is mandated to prepare an annual report documenting those significant findings for each financial year and present such report to the National Assembly. With this in mind, the purpose of this paper is to review the Auditor Generals Reports for years 2009/2010 and 2010/2011 which have been presented to the National Assembly. It will determine what

Ways to enable File Server Auditing on Windows Machines

965 words - 4 pages Auditing. 1. Go to Start Menu > All Programs > Administrative Tools > Local Security Settings. This will display the following window. Figure 1: Local Security Settings 2. Double click the Policy in the Right Hand Panel of above window and this will display the following window. Figure 2: Audit Account Logon Event Properties 3. Check both “Success” and “Failure” items in the above dialog box. 4. Click “Apply” and “OK” button to turn on the

Corporate Governance, Audit Committe, and Director Independence

1534 words - 7 pages Corporate Governance, Audit Committee & director independence A spate of shattering corporate collapses, particularly among large listed companies despite their annual reports and accounts have raised numerous issues in corporate governance. The corporate meteoric rise and fall was associated with serious deficiencies in its corporate governance, including weaknesses in internal control, financial reporting, audit quality, board’s scrutiny of

Information Security Credentials

1389 words - 6 pages )."Systems Security Certified Practitioner (SSCP): SSCP is a vendor-neutral computer security certification also governed by the International Information Systems Security Certification Consortium (ISC2). The SSCP certification test is based on seven domains of information technology; these seven domains are: Access control, Administration, Audit and monitoring, Cryptography, Data communications, Malicious code/malware, Risk, Response and

Comparison Among DB2 And Oracle In Term of Security

4280 words - 17 pages security mechanism. It ensures that authorized users don't abuse their privileges and users are held accountable for their actions. Since auditing is very important in database management system, both Oracle and DB2 provide audit facilities.7.1 Basic AuditingDB2 audit facility produces an audit trail to capture database-level and instance-level events. The generated records of this audit facility will keep in an audit log file. System misuse can

Similar Essays

Security Audit Essay

2192 words - 9 pages place to protect the company against loss of information to the outside world. This paper addresses all the issues involved in security auditing of Ariam travel agency’s network and its premises. Security Audit Ariam travel agency handles bulk information that contains sensitive customers and employees’ information; it contains multiple external users and various e-commerce applications. Therefore, data security at this company is very

Acceptable Use Policy (Aup) And Security Audit

863 words - 4 pages Acceptable Use Policy (AUP) and Security Audit In the computing world, the Acceptable Use Policy (AUP) refers to the set of rules that are applied by the manager of a particular computer network or website that helps to restrict the ways in which the website or network can be used (Ciampa, 2012). The AUP documents are normally written for the service providers in order to help reduce any potential legal action taken by a user subscribing to

Auditing The It Security Function: An Effective Framework

3483 words - 14 pages recognition of this, ways of measuring and monitoring the effectiveness of security controls and systems have been developed into internationally recognised standards, providing a valuable tool for Auditing the IT Security Function. Convincing management that the audit process is necessary to maintain good security is perhaps one of the main hurdles preventing good auditing practices to be adopted. There are, however, convincing arguments to help

The Importance Of A Comprehensive Security Policy For Modern Businesses

2140 words - 9 pages management, named "RAA". "RAA determines the translation of the IT security policy into working methods, procedures and products to ensure levels of protection of IT assets commensurate with their identified levels of risk"(Osborne, 1998). Finally, what auditors are involved in the audit of IT security function is the education and awareness. Osborne (1998) claims, for one thing, if individual staff are highly educated to practice an IT security