Wednesday, May 13, 2020

A Report On Network Security Audit - 4059 Words

Network Security Audit

Jed Johnson, CGAP
City Auditor

Major Contributor
Roshan Pulikkiel
IT Auditor

Christy Rodriguez, CPA
Staff Auditor

August 18, 2015
Report 201505

Table of Contents

Authorization
Objective
Scope and Methodology
Overall Conclusion
Background
Management Accomplishments*
Opportunities for Improvement

Authorization

We have conducted an audit of the Network Security Audit. This audit was conducted under the authority of Article VII, Section 5 of the Garland City Charter and in accordance with the Annual Audit Plan approved by the Garland City Council.

…

As part of the methodology, IA performed the following:

• Reviewed the perimeter protection safeguards in place for IT assets like workstations, switches, servers, etc. (Obj. A)
• Examined the environmental, media access and general controls for server rooms and data centers. (Obj. A)
• Evaluated policies, standards, procedures and guidelines in place to enable employees to be enablers to a robust security awareness program. (Obj. B)
• Determined if risk analysis has been employed by ITS to determine the exposure and countermeasures to risks to establish accountability for risk decisions. (Obj. C)
• Assessed if the network policy has been developed and documented based on a recognized standard.
• Looked if the security strategy is in alignment with the security policy for the City as well as for the third party providers. (Obj. C)
• Examined if appropriate security classification is established based on the sensitivity of data processed in different zones. (Obj. C)
• Inquired if operating systems, servers and other network appliances operating on the network are configured for maximum security. (Obj. C)

To assess the reliability of reports produced by the IT department, IA interviewed multiple individuals from the IT department regarding their process, manually verified the data to look for appropriateness and completeness, and reviewed the existing IT policy and documents from

Related

Interview Technical And Non Technical Staff - 1268 Words | 6 Pages

During the data gathering phase it is crucial to interview technical and non-technical staff to determine if the security policies are being followed. Any staff who have access to the computers or systems in the organization should be interviewed in the security audit. System users, managers, and even cleaning staff should be considered. During the interview it will need to be determined what access the staff have to the systems and what their usage patterns are. If they have administrator access

Security Risk Management SRM and Auditing Essay - 1033 Words | 5 Pages

volatile, increasingly unpredictable world. In addition to protecting their internal resources, organizations must consider the security and well-being of their employees, partners, suppliers and customers, as well as the reliability of the web of networks and systems on which most now depend. Stop Managing Security. Start Managing Risk. The way forward lies in a security risk management (SRM) approach that protects your company from the most severe threats to critical IT systems and operational

Developing a Company Network Security Policy - 820 Words | 3 Pages

having the capabilities to access the company’s network both in and out of the office, increases the potential that information or the access to information may end up in the wrong hands. It is because of these threats that companies create and enforce network security policies. A network security policy is a document that states how a company intends to protect the company’s physical and information technology assets. (Rouse, 2007) A security policy is intended to be a living document that

Analysis Of Jacket X's Payroll Processing System - 1343 Words | 6 Pages

is defined as an undesirable event that can cause harm”. It is also important to note that threats can be internal or external to an organization (Valacich). Alternately, a vulnerability is defined as a “weakness in an organization’s systems or security policies that can be exploited to cause damage” (Valacich). Vulnerabilities can be associated to gaps in architecture, software, processes, or people. This paper will focus on the threats and vulnerabilities assessed during a review of Jacket-X’s

Building A Compliance Regulation Plan - 1149 Words | 5 Pages

Health Network Solutions, n.d.). These standards need to be clearly conveyed as to enable all staff to fully understand the principles that define our practice. We should be clearly communicating our desire to see dedication, loyalty, and ethical behavior in the workplace. It is one thing to have a plan, and an entirely other to enforce it. With the new plans, procedures, and standards in place, we will need officers who uphold compliance with the plan (Glasel D., 2007; Health Network Solutions

Organizational Security Plan Analysis - 1465 Words | 6 Pages

II. Organizational Security Plan and Policy
a. Security Risks:
1. Flood – Burlington, Iowa is located off of the Mississippi River and has flooded in the past. Preventative measures for flooding will include stored sandbags to be placed around the perimeter of the main office and keeping up with weather mandates for the Burlington area.
2. Power Outages – Regardless of the cause, power outages can occur at random times. A UPS device will be placed within the main office to prevent loss of power, during

Security Administration, Inc. - 1359 Words | 6 Pages

Kaplan University IT286 Unit 9 Jennifer Polisano

To: Mr. Ross, CISCO Web Site 101 West Branch, IN 55545
From: XXX Security Consulting, Inc.

Mr. Ross, As we discussed previously, this document includes our recommendations for just a few of the security policies that would be useful for your organization. These recommendations are written in a form that will be approved by you and your management and are intended to demonstrate what is needed, not how the policies will

Security Log Examples - 800 Words | 4 Pages

Description of Detection Application (EventlD Log): While the role of reaction has traditionally been assumed by the system or network manager, we start by programming the IDS which operate online and in real time to behave either reactively or proactively to assure that fraud has become under control. So, reactive means to point and respond to the detection of an intrusion by, for example, terminating the suspect process, disconnecting the offending user, or modifying a router filter list. Secondly

Network Monitoring And Packet Analysis. A Network Monitoring - 1482 Words | 6 Pages

Network Monitoring and Packet Analysis

A network monitoring software is one that continually checks developments within the network, completes examinations, and signals IT personnel whenever a fault occurs or unwarranted standards are exceeded (MSDN Microsoft Technet). Network monitoring is very important and is typically suggested in order to keep a record of the readiness, operation, and bandwidth standard in an IT network. Network monitoring allows the administrator to intervene quickly, even

Building Standards For The Base Configuration Of Internal Server Equipment - 705 Words | 3 Pages

Server Security Policy

Purpose
The purpose of this policy is to establish standards for the base configuration of internal server equipment that is owned and/or operated by IHS. Effective implementation of this policy will minimize unauthorized access to IHS proprietary information and technology.

Scope
This policy applies to server equipment owned and/or operated by IHS, and to servers registered under any IHS-owned internal network domain. This policy is specifically for equipment on the internal
