Sunday, April 6, 2008

Information security audit overview

Since information is a company's most valuable resource, a security audit will naturally focus on IT security. Knowing what security procedures your IT department follows is critical to the business.
Are there common IT security matters that we should pay attention to? An IT security auditor must verify that the information you are using is well preserved and managed.
Keeping information secure is not an art. There are a few important points an administrator should remember. First, keep the data in a safe place, such as an encrypted disk. Second, make sure that only authorized persons can access certain information. Third, make sure it is not possible for an intruder to obtain the data.
To audit the backup process, it is enough to simulate a crash. How long will it take to recover the whole system? Will all data be recovered? Which data will be lost? Once the auditors have these figures, they need to compare them with what is common in the industry, for example by benchmarking your backup process metrics against those of your peers.
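An added example, not part of the original post, of how the results of such a restore drill can be scored: it hashes every file in the original tree and in the restored copy, then reports what is missing, what came back altered, and whether the restore finished within the target time. The directory layout, file contents, timings and the `target_seconds` parameter are constructed for illustration, and the sketch assumes the original tree has not changed since the backup was taken.

```python
import hashlib
import tempfile
from pathlib import Path


def manifest(root: Path) -> dict[str, str]:
    """Map each file's path relative to root to its SHA-256 digest."""
    out = {}
    for p in sorted(root.rglob("*")):
        if p.is_file():
            out[p.relative_to(root).as_posix()] = hashlib.sha256(p.read_bytes()).hexdigest()
    return out


def audit_restore(source: Path, restored: Path, restore_seconds: float, target_seconds: float) -> dict:
    """Answer the drill questions: how long, was everything recovered, what was lost."""
    src, dst = manifest(source), manifest(restored)
    missing = sorted(set(src) - set(dst))                       # never came back
    corrupted = sorted(f for f in src.keys() & dst.keys() if src[f] != dst[f])
    unexpected = sorted(set(dst) - set(src))                    # files not in the original
    intact = len(src) - len(missing) - len(corrupted)
    return {
        "missing": missing,
        "corrupted": corrupted,
        "unexpected": unexpected,
        "recovered_pct": round(100.0 * intact / len(src), 1) if src else 100.0,
        "within_target": restore_seconds <= target_seconds,
    }


def demo() -> dict:
    """Constructed sample: a 4-file 'production' tree and a flawed restore of it."""
    with tempfile.TemporaryDirectory() as tmp:
        prod, rest = Path(tmp, "prod"), Path(tmp, "restored")
        files = {"hr/payroll.csv": b"id,salary\n1,5000\n", "hr/staff.csv": b"id,name\n1,Ann\n",
                 "db/orders.sql": b"INSERT 1;\n", "README.txt": b"share root\n"}
        for name, data in files.items():
            for root in (prod, rest):
                (root / name).parent.mkdir(parents=True, exist_ok=True)
                (root / name).write_bytes(data)
        (rest / "hr/staff.csv").unlink()                    # file the backup never captured
        (rest / "db/orders.sql").write_bytes(b"INSERT")     # truncated during restore
        # Drill took 5400 s against a 14400 s recovery target; both values are constructed.
        return audit_restore(prod, rest, restore_seconds=5400, target_seconds=14400)


if __name__ == "__main__":
    print(demo())
```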
What about checking whether only authorized persons can access sensitive data? This is more difficult than auditing backups. Begin by making sure that the administrator has a clear structure of who has access to sensitive data. There may be several levels of access, but the entire scheme must be clearly described. This is a fundamental part of ensuring authorization and controlled information sharing.
Most important: how do people keep their information secure in practice? If there is a chance to copy secure information, how could that information leak? Are there people who do not know about the security measures used in the business? Do users follow an appropriate password policy?
There are many more questions about possible leaks and security issues that must be examined. How do you know what a security expert should examine? It depends on how a potential intruder could get at the data. It is necessary to use a file shredder (preferably one that runs in background mode) to make sure deleted data cannot be recovered.
How do you verify that users manage files properly? Try to find possible breaches in security. For example, someone might keep files not in the document management system, which is protected with strong encryption, but on a local hard drive, protected only with an easy-to-crack password.
Can people in your company use flash drives? This is very dangerous, because it makes it easy to copy sensitive data and take it out of the company. Then again, some businesses really do need information to be copied to flash drives. What is the solution? Try to control what information is actually copied to the drives. For example, if a user copies password-protected files, that might be a possible security issue.
Checking passwords is another task. Short or well-known passwords are not acceptable. Make sure there is a copy of the password policy that says which passwords are good and why. Make sure that people follow this policy.
About the Author: If you are interested in information security audits, check out Sam Miller's new website, Internet & Businesses.com.


