CompTIA Security+ Deluxe Study Guide: SY0-201 - Emmett Dulaney [226]
Usage audits also examine network usage. Is your network being used for illicit purposes? Is pornography present in your environment? Any number of other problems may also be discovered. By performing audits, you can help deter potentially embarrassing or even illegal activities from occurring in your environment.
Escalation Auditing
Escalation audits help ensure that procedures and communication methods work properly in the event of a problem or issue. Escalation is primarily concerned with gaining access to decision makers in a time of crisis. These audits test your organization to ensure that it has the appropriate procedures, policies, and tools to deal with problems in the event of an emergency, catastrophe, or other need for management intervention.
Disaster recovery plans, business continuity plans, and other plans are tested and verified for accuracy. These types of plans require constant care or they become dated and ineffective. An audit can help ensure that all bases are covered and that your plans have a high likelihood of success when needed.
A good way to determine if your escalation audits are working is to test them. Many organizations develop scenarios to verify that mechanisms are in place to deal with certain situations. If the president of the organization is out of town or unavailable, who has the authority to make a decision about transitioning to an alternative site? If such issues can be worked out in advance, they’re much less difficult to deal with in emergencies.
Real World Scenario
Performing a Usage Audit
Your company has undergone its umpteenth reorganization. Many people have been moved to new positions within the new organizational chart. You’ve been asked to verify that users can access the information they need to perform their jobs. You also need to make sure that any inappropriate access is removed.
To successfully complete your assignment, you’ll need to inspect every user account and group to verify which user accounts belong to which groups. You also need to verify that each group has the appropriate access to the servers and other resources needed to accomplish their assignments.
In many newer systems, you can accomplish this by inspecting the security groups that users belong to and by adding accounts to, or removing them from, those groups as appropriate. If you’re using a network that doesn’t support security groups, you’ll need to modify the access rights of each account individually.
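The reconciliation the scenario describes can be automated where the system supports groups. The script below is an added example, not code from the study guide: it parses /etc/group-style lines, compares each user's actual group membership against the groups their post-reorganization role entitles them to, and reports what to add, what to remove, and accounts that hold group membership but appear in no role at all. All of the sample data (the group file, the role assignments, and the role-to-group mapping) is constructed for illustration; the gpasswd(1) commands it emits are for review, not blind execution. Verifying that each group in turn has the right access to servers and shares is a separate check that this example does not cover.

```python
"""Reconcile actual group membership against the post-reorg org chart.

Added example with constructed data (not from any real system). The group
text uses the /etc/group layout (name:password:gid:member,member,...) so the
same parser can be pointed at a real group file.
"""
from dataclasses import dataclass, field

# Constructed: /etc/group-style lines as they might look after the reorg.
GROUP_FILE = """\
finance:x:1001:alice,bob,carol
payroll:x:1002:alice,dave
engineering:x:1003:dave,erin
fileserver-ro:x:1004:alice,bob,carol,dave,erin,frank
fileserver-rw:x:1005:alice,carol,erin
"""

# Constructed: who holds which position under the new org chart (from HR).
# frank has left the company and therefore appears in no role.
USER_ROLES = {
    "alice": "finance-manager",
    "bob": "finance-analyst",
    "carol": "finance-analyst",
    "dave": "engineer",
    "erin": "engineer",
}

# Constructed: the groups each role is entitled to, and nothing more.
ROLE_GROUPS = {
    "finance-manager": {"finance", "payroll", "fileserver-ro", "fileserver-rw"},
    "finance-analyst": {"finance", "fileserver-ro"},
    "engineer": {"engineering", "fileserver-ro", "fileserver-rw"},
}


def parse_group_file(text):
    """Return {group: set(members)} from /etc/group-formatted text."""
    groups = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        name, _pw, _gid, members = line.split(":", 3)
        groups[name] = {m for m in members.split(",") if m}
    return groups


def memberships_by_user(groups):
    """Invert {group: members} into {user: set(groups)}."""
    by_user = {}
    for group, members in groups.items():
        for user in members:
            by_user.setdefault(user, set()).add(group)
    return by_user


@dataclass
class AuditResult:
    missing: dict = field(default_factory=dict)    # user -> groups to add
    excess: dict = field(default_factory=dict)     # user -> groups to remove
    orphaned: dict = field(default_factory=dict)   # no role, but in groups
    unknown_roles: set = field(default_factory=set)  # role with no mapping


def audit_group_membership(group_text, user_roles, role_groups):
    """Compare actual membership with what each user's role entitles them to."""
    actual = memberships_by_user(parse_group_file(group_text))
    result = AuditResult()
    for user, role in user_roles.items():
        if role not in role_groups:
            result.unknown_roles.add(role)
            continue
        expected = role_groups[role]
        have = actual.get(user, set())
        if expected - have:
            result.missing[user] = expected - have
        if have - expected:
            result.excess[user] = have - expected
    # Accounts in groups but absent from the org chart: left-over access.
    for user, have in actual.items():
        if user not in user_roles:
            result.orphaned[user] = have
    return result


def remediation_commands(result):
    """Render findings as gpasswd(1) commands to review before running."""
    cmds = []
    for user, groups in sorted(result.missing.items()):
        cmds += [f"gpasswd -a {user} {g}" for g in sorted(groups)]
    for user, groups in sorted(result.excess.items()):
        cmds += [f"gpasswd -d {user} {g}" for g in sorted(groups)]
    for user, groups in sorted(result.orphaned.items()):
        cmds += [f"gpasswd -d {user} {g}" for g in sorted(groups)]
    return cmds


if __name__ == "__main__":
    res = audit_group_membership(GROUP_FILE, USER_ROLES, ROLE_GROUPS)
    print("Missing :", res.missing)
    print("Excess  :", res.excess)
    print("Orphaned:", res.orphaned)
    print("\n".join(remediation_commands(res)))
```

On the constructed data the audit flags dave, who moved from payroll to engineering but kept his payroll group and never received write access to the file server, carol, who holds write access her analyst role does not call for, and frank, whose departed account still sits in fileserver-ro. An orphaned account should normally be disabled outright rather than merely pruned from groups; the script reports it so that the auditor decides.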
Administrative Auditing
One of the most overlooked components of an audit involves administrative elements. It is important to document the procedures undertaken during the classification of information (classifying information was discussed in Chapter 6) and who is involved in this process. You must also document who is involved in investigations when it is suspected that something is awry, and the procedures they follow; this documentation is part of demonstrating due diligence.
This section of the audit should also address change management—the structured approach that is followed to control changes to the company’s assets. Details here should include the controls that are in place to prevent unauthorized access to, and changes of, all IT assets. Among the assets you must be able to demonstrate appropriate controls on are all those related to Personally Identifiable Information (PII). PII exists within your databases for all users, customers, vendors, and contacts and includes such things as their phone number, address, credit card number, employee status, and so on. In general, any attribute that can be linked to an identifiable person is considered PII and is thus subject to privacy protection—and liability—issues.
Auditing and Log Files
One operation you will need to perform when working with log files, if you are going to evaluate entries from security applications, is carefully monitoring their size. In some operating systems, the files are allowed to grow indefinitely (until