800.544.8269
Key elements of the
Remote IT Security Audit
Key elements include, but are not limited to, the following:
1. Windows server security
- Local SAM risks
- User rights
- File permissions
- Audit policy
- Security log settings
- Services
- Patches
2. Windows workstation security
- Services
- User rights
- Desktop restrictions
- Unattended workstation controls
- Audit policy
- Security log settings
- Local SAM risks
- Local firewall
- Patches
- Unauthorized software installation
3. Active directory and domain controllers
- Administrative authority
- Password and lockout controls
- Audit policy
- User rights
- Trust relationships
- Services
- Patch
4. Firewall configuration
5. WAN security
6. Remote access and VPN security
7. Information security policy
8. IT procedures
- Account management
- Access control
- Monitoring
- Patching
- Backup
- Malware
- Reports to management
9. Antivirus/Anti-malware controls
- Internet gateway
- Workstation
- Server
10. Routers and other network devices
11. Intrusion detection and prevention
12. Penetration analysis
- Level 2 penetration test which comprises a port and vulnerability scan of the network's external interfaces to the Internet and, if necessary, a scan of direct inward dialing phone numbers with a war dialer.
13. Access controls
We know the elements of compliance programs: policies, training, monitoring, controls, and audit.
While there may not yet be such a thing as a perfect ompliance program, we have a pretty good idea of what it should be.
Phone numbers: Voice: 828.252.2651 Fax: 828.252.0361 Client Line: 800.544.8269 Client Fax: 800.890.1411
©2006 Management Assistance Programs and Services