Conduct internal security reviews

Checklist for auditing your internal security procedures.

 

Conduct internal security reviews
Adesh Rampat

You have to stay on top of your security operation all the time. It's not enough to put procedures in place; you have to check periodically to make sure your people are following the procedures and that these procedures are bearing the fruit that you want. In this tip, Adesh offers a checklist for a periodic internal security review that will help you keep up-to-date on your internal security operation.


Protecting your organization's mission critical data is always a top priority. To ensure your data is safe, you should conduct a periodic internal review to ensure that basic security measures are in place. Here is a list of things to check on a regular basis.

User Accounts

Ensure that user accounts for employees who leave the organization are disabled. I recommend disabling these accounts so that when the vacant position is filled you can rename the disabled user account for the new user. This will make the process of assigning permissions to shared folders easier. Create a group for temporary users (contract employees) and ensure that these user accounts have an expiration date.

Set logon hours for users

If there are vendors who dial in for remote access, dial in to access information make sure that logon hours are applied to their user accounts. Ensure that vendors with dial in access are part of a group, and that this group does not have access to files/directories for which they do not need access.

Network Shares

Review all network shares to ensure that the proper permissions are assigned to the network shares.

Service Pack Updates

Make sure that the operating system has the most recent service pack updates. Also visit the Microsoft Web site regularly for bulletins on security issues.

Administrator Password

Ensure that the administrator's password is changed periodically.

Event Viewer

Examine the security logs in event viewer periodically.


Adesh Rampat has 10 years experience with network and IT administration. He is a member of the Association of Internet Professionals, the Institute for Network Professionals and the International Webmasters Association. He has also lectured extensively on a variety of topics.


This was first published in December 2001

Dig deeper on Patches, alerts and critical updates

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchVirtualDesktop

SearchWindowsServer

SearchExchange

Close