Conduct internal security reviews


Conduct internal security reviews
Adesh Rampat

You have to stay on top of your security operation all the time. It's not enough to put procedures in place; you have to check periodically to make sure your people are following the procedures and that these procedures are bearing the fruit that you want. In this tip, Adesh offers a checklist for a periodic internal security review that will help you keep up-to-date on your internal security operation.

Protecting your organization's mission critical data is always a top priority. To ensure your data is safe, you should conduct a periodic internal review to ensure that basic security measures are in place. Here is a list of things to check on a regular basis.

User Accounts

Ensure that user accounts for employees who leave the organization are disabled. I recommend disabling these accounts so that when the vacant position is filled you can rename the disabled user account for the new user. This will make the process of assigning permissions to shared folders easier. Create a group for temporary users (contract employees) and ensure that these user accounts have an expiration date.

Set logon hours for users

If there are vendors who dial in for remote access, dial in to access information make sure that logon hours are applied to their user accounts. Ensure that vendors with dial in access are part of a group, and that this group does not have access to files/directories for which they do not need access.

Network Shares

Review all network shares to ensure that the proper permissions are assigned to the network shares.

Service Pack Updates

Make sure that the operating system has the most recent service pack updates. Also visit the Microsoft Web site regularly for bulletins on security issues.

Administrator Password

Ensure that the administrator's password is changed periodically.

Event Viewer

Examine the security logs in event viewer periodically.

Adesh Rampat has 10 years experience with network and IT administration. He is a member of the Association of Internet Professionals, the Institute for Network Professionals and the International Webmasters Association. He has also lectured extensively on a variety of topics.

This was first published in December 2001

There are Comments. Add yours.

TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

Disclaimer: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.