How to effectively audit your IT Infrastructure
Chris Rich
NetWrix Corporation
www.netwrix.com




Netwrix Corporation, 12 N. State Route 17, Suite 104, Paramus, NJ 07652, USA                                  www.netwrix.com


New York: (201) 490-8840           Tampa: (813) 774-6472                       twitter.com/netwrix    youtube.com/netwrix

Los Angeles: (949) 407-5125        Boston: (617) 674-2157                      netwrix.com/linkedin   netwrix.com/googleplus

London: +44 (0) 203 318 0261       Toll-free: (888) 638-9749                   facebook.com/netwrix   spiceworks.com/netwrix
NetWrix: #1 for Change Auditing and Compliance             How to effectively audit your IT Infrastructure




                               Table of Contents

                          1. Changes ahead: IT Auditing

                          2. The need to audit the IT Infrastructure

                          3. Planning

                          4. Implementation and what to expect

                          5. Scope of challenges

                          6. Solutions

                          7. Valuable Resources








Changes ahead: IT Auditing
The way in which IT provides value to the organization is rapidly changing. New requirements and
challenges are everywhere. From compliance, security and mobile innovations to employees bringing
personal equipment into the workplace, IT is now being pushed to its limits more than at any other time.
Compounding these problems are threats arguably more advanced than the commercially available
defenses on the market today, as well as threats from trusted individuals within the organization,
including human errors, that can cost organizations their reputations, trust and money.

CIOs and senior leadership everywhere are beginning to acknowledge that the traditional way of doing
business as an IT organization needs to change with the times to reflect these realities. Those organizations
and their leadership that are prepared to take the necessary steps to revise the dynamics between them
and the organizations they serve stand to benefit and thrive in the years ahead. Enterprise auditing is a
strategic and cultural shift that when implemented successfully can help satisfy regulatory compliance,
improve overall security and promote efficient infrastructure oversight in the face of all these changes and
challenges.



The need to audit the IT Infrastructure
IT professionals from the helpdesk to the CIO have been charged with implementing mechanisms, both
native and third-party, to address their enterprise IT auditing needs. Up close, this task appears daunting to
many, and with good reason. The enterprise of today operates 24x7x365 and is subject to the stresses of access
and modifications invoked by hundreds and sometimes hundreds of thousands of people each day. This
growing need to audit the enterprise should come as no surprise to anyone who has been in an IT role for
the past 5-10 years.

Knowing who changed what, when and where throughout the organization can save hours of
troubleshooting, satisfy compliance needs, better secure the environment and permit administrators to
manage multiple resources that frequently outnumber staff that are now at the critical core of operations.
What’s most challenging is the diversity of platforms, systems and tools employed over the years just to
sustain these daily operations. Now, with various regulatory entities combined with a heightened awareness of
IT security, the demands presented by auditing all of these systems around the clock in all corners of the
enterprise may seem like a perfect storm.

Adding to this challenge are IT operations that are required to function on tight budgets under constant
watch even more so than revenue-generating functions of an organization. Leaders keep asking for more
while tightening budgets and the only way to successfully secure, manage and maintain the infrastructure
is to implement enterprise-wide IT auditing.






Planning
To successfully audit the enterprise, there needs to be a priority list and a methodical approach to
implementation that takes into account the various aspects to be addressed along the way. IT security and
compliance auditing are perhaps at the top of the organizational IT priority list and therefore can expect to
have some degree of senior management support. This can greatly help transform the organization
because there will likely be changes that need this support to be successful. IT departments can use the
following steps to achieve their IT enterprise auditing goals:

1. Take an inventory and establish preliminary priorities
Start with an inventory of systems and hardware that are owned and managed by IT including computers,
servers, mobile devices, file storage platforms and even network appliances such as firewalls, switches, and
routers. During the inventory, place a value on the data which they store or the role they serve and place a
value on their need. Your goal here is to quickly assign an estimated risk to each asset for
further evaluation later. Involve Human Resources and Legal early and throughout the process to help
identify those key areas that need ongoing auditing. This helps to further gain support and increase
awareness across the organization. Document everything for future reference, as this will form the
foundation of the written plans and efforts that auditors will want to see.

2. Eliminate waste, consolidate and replace assets
Find opportunities to retire or replace aging equipment and platforms. These decisions will be tied to the
existing budget and may be cost-prohibitive. Estimate the time required to implement any replacements or
consolidations in the context of the final objective which is to audit your environment.

The benefit of this assessment will be to provide awareness of what can readily be audited versus what
assets may require additional effort to facilitate ongoing auditing. Document everything to measure
progress and have a reference as you move forward which will also serve to satisfy auditors.

3. Categorize remaining resources from most auditable to least
Looking at the systems that remain and keeping in mind what those resources represent in terms of data
storage or access control, look to categorize these based on expected capacity for auditing. Some systems
and hardware will more readily facilitate auditing. Best case scenario, the more auditable systems will
contain the information most at-risk. Strategically, consider shifting at-risk information and resources to
systems that will more readily permit auditing. Some adjustments to the environment may be justifiable
before implementing any auditing solution so as to audit the most resources in the least amount of time
accurately and effectively.

A good example is Windows Server. It has limited native auditing built in, which can be quickly
enabled to start auditing events such as file access and logon/logoff events. Many storage appliances also
have some form of built-in auditing capabilities.
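
As an added example (not from the whitepaper or from NetWrix), the native auditing mentioned above can be switched on from an elevated PowerShell session on Windows Server 2008 or later. The folder path and the audited group are assumptions; file access is only logged for objects that carry an audit entry (SACL), so the script sets one.

```powershell
# Added example: enable native Windows auditing for logon/logoff and file access.
# Run from an elevated PowerShell session on the server to be audited.
# ASSUMPTIONS (not from the whitepaper): the folder path and the audited group.
$AuditedFolder = 'D:\Shares\Finance'   # hypothetical path, replace with a real share
$AuditedGroup  = 'Everyone'            # audit access by all principals

# 1. Turn on the audit policy subcategories for logon/logoff and file access.
$subcategories = 'Logon', 'Logoff', 'File System'
foreach ($sub in $subcategories) {
    auditpol /set /subcategory:"$sub" /success:enable /failure:enable | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "auditpol failed for subcategory '$sub'" }
}

# 2. The 'File System' policy alone logs nothing: each audited folder needs an
#    audit entry (SACL) saying whose access, and which kinds of access, to record.
#    Auditing only changes (not reads) keeps the Security log volume manageable.
$rights = [System.Security.AccessControl.FileSystemRights]'Write, Delete, ChangePermissions, TakeOwnership'
$rule = New-Object System.Security.AccessControl.FileSystemAuditRule(
    $AuditedGroup,
    $rights,
    [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit',
    [System.Security.AccessControl.PropagationFlags]::None,
    [System.Security.AccessControl.AuditFlags]'Success, Failure'
)
$acl = Get-Acl -Path $AuditedFolder -Audit   # -Audit loads the SACL as well
$acl.AddAuditRule($rule)
Set-Acl -Path $AuditedFolder -AclObject $acl

# 3. Verify the policy and the SACL, then document the output for the auditors.
foreach ($sub in $subcategories) { auditpol /get /subcategory:"$sub" }
(Get-Acl -Path $AuditedFolder -Audit).Audit |
    Format-Table IdentityReference, FileSystemRights, AuditFlags, InheritanceFlags

# 4. Review what is being recorded in the Security log:
#    4624 = logon, 4634 = logoff, 4663 = attempt to access an object.
Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4624, 4634, 4663 } `
    -MaxEvents 20 -ErrorAction SilentlyContinue |
    Format-Table TimeCreated, Id, MachineName -AutoSize
```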




Again, document everything so that everyone involved in IT and these goals begin to become intrinsically
aware of the cultural changes that are taking place as a result of auditing the enterprise.

4. Look for an auditing solution that will cover the most assets in the least amount of time
Implementing enterprise auditing is an ongoing, long term effort. It will become an integral part of daily IT
life once the transition has been made from little or no auditing to widespread auditing. Expectations
should be balanced with what can be done in the allotted time frame versus what will need to be done over
the longer term. The objective when starting out or improving upon existing efforts is to make measurable
progress.

The most critical goal here is to select a reputable vendor with a broad set of tools that has a
good record of helping customers and a proven track record of delivering product enhancements and
updates to service the constantly changing nature and requirements of enterprise auditing. Doing so will
require fewer contacts, support arrangements, and licenses to maintain and manage moving forward. This
will also require flexible licensing, scalability and centralized long-term data storage as your needs and
environment change over time.

Auditing will need to be flexible, easy to set up and able to operate in parallel with most major IT initiatives moving
forward. The audit store will also need to be equally flexible and reportable for as long as 7 years per certain
regulatory requirements. A solution that can move with rapid change will save time, money and reduce
overall stress. Document everything, and expect that needs will change quickly as more information is gathered and
weighed against priorities and timelines.



Implementation and what to expect
The amount of time to implement an effective IT auditing solution in the enterprise will vary. It’s difficult to
quantify time and every environment is different. Some may have equipment that is many years old and
may present special challenges to auditing while others may have a narrow assortment of technologies.
These considerations will need to be mapped out in advance and documented.

Delivering auditing to the enterprise could take 50% of the total time for taking inventory and
consolidating, 25% for prioritization and system/platform preparation, and 25% for implementation. Don’t forget
to account for documentation as this will be a measurable part of the overall effort. Starting out with the
end result in mind will help establish realistic, attainable short term goals that will roll up into larger, longer
term goals.

Keeping a balance will help the IT department and those involved in the project, including Human
Resources and legal staff, look forward to each stage of the implementation while building the cultural
and behavioral competencies that will be required to sustain auditing and compliance as well as security
practices for the long term. Be prepared to be flexible and adjust as conditions change.






Scope of challenges
Implementing enterprise auditing in diverse IT environments is common. Most IT departments have a wide
array of platforms and services to serve end-users and customers. Here is a typical list of critical resources
IT departments must consider and the types of information and access control they represent:


  Windows Active Directory (2000-2008R2, 32 and 64-bit platforms) – Manages access control,
  permissions, and serves as the central directory for the organization.

   Windows Group Policies – Access control mechanisms critical to security of information and to limit
   risks to systems and servers bound to Active Directory.

   Exchange Servers – Messaging data contains confidential information from senior management,
   product management, marketing, production, engineering, human resources, legal, etc. Many
   regulations speak directly to monitoring access to messaging services.

   SQL Servers – Primary data storage for customer data including credit card information, patient data,
   social security numbers, banking information, web applications, sales data and more. Like messaging,
   database access will need auditing to comply with regulations.

   File servers and storage appliances – Data storage for financial statements, trade records, contracts,
   legal documents, agreements, business and marketing plans, proprietary information, reports,
   collateral. These can include Windows file servers with DFS shares and clustering as well as platforms
   such as NetApp Filer and EMC Celerra.

   VMware – Virtualized systems require protection equal to that of physical systems: they host data
   stores, SQL servers and Domain Controllers, all serving file and data storage as well as access control.

   SharePoint – Document and data sharing across business groups, departments and units similar to SQL
   and file server systems and storage devices.

   Servers – Physical systems with local access controls, services and business critical applications and web
   services for sites both internal and external also to be considered a sub-requirement to all of the above.

   System Center Virtual Machine Manager – Virtualized systems performing access control and file
   storage as well as SQL storage functions.


All of the above systems likely represent what most organizations will face when implementing auditing in
the enterprise. Each asset behaves in a unique way and, depending on the types of information stored on
it or the extent to which it facilitates access control, will carry its own priority with
regard to auditing.






Solutions
Solutions exist to address these challenges quickly and easily. These come in a wide variety of options to
suit a wide range of needs. NetWrix Change Reporter Suite is a solution that can address all of these
auditing needs and help sustain compliance in the enterprise quickly, easily and cost-effectively.

NetWrix has a reputation for building innovative tools purpose-built for each of these concentrations.
Product updates and enhancements are rolled out frequently to meet changing needs and are provided
to customers at no additional cost while on maintenance. Experienced
development and technical support staff outnumber non-technical roles by 10-to-1 and NetWrix is the
only provider solely focused on delivering IT auditing solutions organizations need today and in the future.

Installation of NetWrix Change Reporter Suite is fast and easy. Using a two-tiered data storage model with
SQL for short-term repository and flat file long term storage, audit data is centrally stored and can be
maintained for seven years or more. NetWrix Change Reporter Suite easily scales to serve a broad range of
organizations from small businesses with few servers to larger international corporations with as many as
100,000 Active Directory users. Environment changes are facilitated using easy point-and-click
management with most components managed from a single Microsoft Management Console where
modules plug-in and can be organized to match the network topology or any specific needs.

One of its many strengths is its automatic reporting and alert capabilities. SQL Advanced
Reporting services and nearly 200 predefined snapshot and best practice reports, geared towards the types
of information auditors request, provide a ready-to-use library of reports. Also included are report
subscription capabilities to automatically deliver reports to auditors, managers and anyone else who needs
to be a part of the enterprise IT auditing efforts. Reports can be generated in seven different formats such
as TIFF, XLS(S) and CSV. Alerts can be configured to send an e-mail or SMS text message when critical events take
place.

Also included in NetWrix Change Reporter Suite is a powerful Active Directory Object Restore Wizard that
can restore Active Directory and Group Policy changes down to even individual attribute-level changes. It
is also capable of restoring file and folder permission changes. These capabilities far surpass even Microsoft
Windows 2008 R2 restore functionality. At the heart of NetWrix products are the AuditAssurance™ and
AuditIntelligence™ technologies for collecting audit information from multiple streams of information
using accepted Microsoft practices without any risky shoe-horn techniques into the operating system APIs
which can interrupt or terminate auditing altogether. The information gathered is lightweight: only
necessary information is extracted and stored, whether from event logs, tracing logs,
APIs or other available sources, to ensure no audit information is omitted.







These technologies and capabilities combined translate into having the opportunity to implement
enterprise IT auditing quickly and affordably from a single reputable source committed to delivering
outstanding tools for organizations of all sizes and needs.

Download a FREE trial of NetWrix Change Reporter Suite




Valuable Resources
netwrix.com            – NetWrix provides purpose-built change auditing and compliance
                         solutions, and free tools to help secure and maintain the IT enterprise.

infosecisland.com – Compliance and security professionals present today’s most compelling
                          arguments and solutions for network security and compliance issues
                          facing organizations today.

petri.co.il            – The Petri IT Knowledgebase community of experienced IT professionals
                         with articles, reviews, how-to instructions and technology updates.

itil-officialsite.com – Information Technology Infrastructure Library provides best practices for
                          IT service management focusing on aligning IT services with business
                          needs.

4sysops.com            – Great online resource geared towards Windows administrators with
                         articles, how-to instructions, technology reviews and coverage of issues
                         related to managing Windows environments.

windowsitpro.com – Website dedicated to the Windows IT professional. Site includes how-to
                          documentation, articles on technology and topics of interest to
                          Windows administrators.

spiceworks.com         – Vibrant and growing IT professional community and a free software
                         toolkit for helpdesk and network monitoring.








© Netwrix Corporation. All rights reserved. Netwrix is trademark of Netwrix Corporation and/or one or more of its subsidiaries and may be
registered in the U.S. Patent and Trademark Office and in other countries. All other trademarks and registered trademarks are the property of
their respective owners.

NetWrix Change Reporter Suite - Product Review by Don JonesNetWrix Change Reporter Suite - Product Review by Don Jones
NetWrix Change Reporter Suite - Product Review by Don JonesNetwrix Corporation
 
Auditing Active Directory to Comply with State and Federal Regulations
Auditing Active Directory to Comply with State and Federal RegulationsAuditing Active Directory to Comply with State and Federal Regulations
Auditing Active Directory to Comply with State and Federal RegulationsNetwrix Corporation
 
Auditing Solution Enables Coaching of Staff and Pleases Auditors
Auditing Solution Enables Coaching of Staff and Pleases AuditorsAuditing Solution Enables Coaching of Staff and Pleases Auditors
Auditing Solution Enables Coaching of Staff and Pleases AuditorsNetwrix Corporation
 
Automated De-provisioning of Inactive Users Accounts
Automated De-provisioning of Inactive Users AccountsAutomated De-provisioning of Inactive Users Accounts
Automated De-provisioning of Inactive Users AccountsNetwrix Corporation
 
USB Port Protection that Hardens Endpoint Security and Streamlines Compliance
USB Port Protection that Hardens Endpoint Security and Streamlines ComplianceUSB Port Protection that Hardens Endpoint Security and Streamlines Compliance
USB Port Protection that Hardens Endpoint Security and Streamlines ComplianceNetwrix Corporation
 
How the World's Largest Date Agriculture Company "Planted" File Server Auditing
How the World's Largest Date Agriculture Company "Planted" File Server AuditingHow the World's Largest Date Agriculture Company "Planted" File Server Auditing
How the World's Largest Date Agriculture Company "Planted" File Server AuditingNetwrix Corporation
 
Ensuring Data Protection by controlling the Use of Removable Media
Ensuring Data Protection by controlling the Use of Removable MediaEnsuring Data Protection by controlling the Use of Removable Media
Ensuring Data Protection by controlling the Use of Removable MediaNetwrix Corporation
 
Leading Emergency Software Solution Provider Automates HIPAA and SOX Complian...
Leading Emergency Software Solution Provider Automates HIPAA and SOX Complian...Leading Emergency Software Solution Provider Automates HIPAA and SOX Complian...
Leading Emergency Software Solution Provider Automates HIPAA and SOX Complian...Netwrix Corporation
 
Extending Change Auditing to Exchange Server
Extending Change Auditing to Exchange ServerExtending Change Auditing to Exchange Server
Extending Change Auditing to Exchange ServerNetwrix Corporation
 
Staying Abreast of Group Policy Changes
Staying Abreast of Group Policy ChangesStaying Abreast of Group Policy Changes
Staying Abreast of Group Policy ChangesNetwrix Corporation
 
The Business Case for Account Lockout Management
The Business Case for Account Lockout ManagementThe Business Case for Account Lockout Management
The Business Case for Account Lockout ManagementNetwrix Corporation
 
Exchange Auditing in the Enterprise
Exchange Auditing in the EnterpriseExchange Auditing in the Enterprise
Exchange Auditing in the EnterpriseNetwrix Corporation
 

Plus de Netwrix Corporation (18)

File system auditing who accessed what files and where
File system auditing who accessed what files and whereFile system auditing who accessed what files and where
File system auditing who accessed what files and where
 
Top 10 critical changes to audit in your it infrastructure
Top 10 critical changes to audit in your it infrastructureTop 10 critical changes to audit in your it infrastructure
Top 10 critical changes to audit in your it infrastructure
 
Top 5 identity management challenges and solutions
Top 5 identity management challenges and solutionsTop 5 identity management challenges and solutions
Top 5 identity management challenges and solutions
 
Top 5 critical changes to audit for active directory
Top 5 critical changes to audit for active directoryTop 5 critical changes to audit for active directory
Top 5 critical changes to audit for active directory
 
NetWrix Change Reporter Suite - Product Review by Don Jones
NetWrix Change Reporter Suite - Product Review by Don JonesNetWrix Change Reporter Suite - Product Review by Don Jones
NetWrix Change Reporter Suite - Product Review by Don Jones
 
Auditing Active Directory to Comply with State and Federal Regulations
Auditing Active Directory to Comply with State and Federal RegulationsAuditing Active Directory to Comply with State and Federal Regulations
Auditing Active Directory to Comply with State and Federal Regulations
 
Auditing Solution Enables Coaching of Staff and Pleases Auditors
Auditing Solution Enables Coaching of Staff and Pleases AuditorsAuditing Solution Enables Coaching of Staff and Pleases Auditors
Auditing Solution Enables Coaching of Staff and Pleases Auditors
 
Automated De-provisioning of Inactive Users Accounts
Automated De-provisioning of Inactive Users AccountsAutomated De-provisioning of Inactive Users Accounts
Automated De-provisioning of Inactive Users Accounts
 
USB Port Protection that Hardens Endpoint Security and Streamlines Compliance
USB Port Protection that Hardens Endpoint Security and Streamlines ComplianceUSB Port Protection that Hardens Endpoint Security and Streamlines Compliance
USB Port Protection that Hardens Endpoint Security and Streamlines Compliance
 
How the World's Largest Date Agriculture Company "Planted" File Server Auditing
How the World's Largest Date Agriculture Company "Planted" File Server AuditingHow the World's Largest Date Agriculture Company "Planted" File Server Auditing
How the World's Largest Date Agriculture Company "Planted" File Server Auditing
 
Ensuring Data Protection by controlling the Use of Removable Media
Ensuring Data Protection by controlling the Use of Removable MediaEnsuring Data Protection by controlling the Use of Removable Media
Ensuring Data Protection by controlling the Use of Removable Media
 
Leading Emergency Software Solution Provider Automates HIPAA and SOX Complian...
Leading Emergency Software Solution Provider Automates HIPAA and SOX Complian...Leading Emergency Software Solution Provider Automates HIPAA and SOX Complian...
Leading Emergency Software Solution Provider Automates HIPAA and SOX Complian...
 
Extending Change Auditing to Exchange Server
Extending Change Auditing to Exchange ServerExtending Change Auditing to Exchange Server
Extending Change Auditing to Exchange Server
 
Staying Abreast of Group Policy Changes
Staying Abreast of Group Policy ChangesStaying Abreast of Group Policy Changes
Staying Abreast of Group Policy Changes
 
The Business Case for Account Lockout Management
The Business Case for Account Lockout ManagementThe Business Case for Account Lockout Management
The Business Case for Account Lockout Management
 
Exchange Auditing in the Enterprise
Exchange Auditing in the EnterpriseExchange Auditing in the Enterprise
Exchange Auditing in the Enterprise
 
File Auditing in the Enterprise
File Auditing in the EnterpriseFile Auditing in the Enterprise
File Auditing in the Enterprise
 
File auditing on NetApp Filer
File auditing on NetApp Filer File auditing on NetApp Filer
File auditing on NetApp Filer
 

Dernier

unit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxunit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxBkGupta21
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenHervé Boutemy
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.Curtis Poe
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyAlfredo García Lavilla
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsPixlogix Infotech
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024Stephanie Beckett
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxLoriGlavin3
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxLoriGlavin3
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningLars Bell
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .Alan Dix
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxLoriGlavin3
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxLoriGlavin3
 

Dernier (20)

unit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxunit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptx
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine Tuning
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
 

How to Effectively Audit your IT Infrastructure

  • 1. How to effectively audit your IT Infrastructure Chris Rich NetWrix Corporation www.netwrix.com Netwrix Corporation, 12 N. State Route 17, Suite 104, Paramus, NJ 07652, USA www.netwrix.com New York: (201) 490-8840 Tampa: (813) 774-6472 twitter.com/netwrix youtube.com/netwrix Los Angeles: (949) 407-5125 Boston: (617) 674-2157 netwrix.com/linkedin netwrix.com/googleplus London: +44 (0) 203 318 0261 Toll-free: (888) 638-9749 facebook.com/netwrix spiceworks.com/netwrix
  • 2. NetWrix: #1 for Change Auditing and Compliance. How to effectively audit your IT Infrastructure

    Table of Contents

    1. Changes ahead: IT Auditing
    2. The need to audit the IT Infrastructure
    3. Planning
    4. Implementation and what to expect
    5. Scope of challenges
    6. Solutions
    7. Valuable Resources
  • 3. Changes ahead: IT Auditing

    The way in which IT provides value to the organization is rapidly changing. New requirements and challenges are everywhere. From compliance, security and mobile innovations to employees bringing personal equipment into the workplace, IT has now, more than at any other time, been pushed to the limits. Compounding these problems are threats arguably more advanced than the commercially available defenses on the market today, as well as threats from trusted individuals within the organization, including human errors that can cost organizations their reputations, trust and money.

    CIOs and senior leadership everywhere are beginning to acknowledge that the traditional way of doing business as an IT organization needs to change with the times to reflect these realities. Those organizations and their leadership that are prepared to take the necessary steps to revise the dynamics between them and the organizations they serve stand to benefit and thrive in the years ahead.

    Enterprise auditing is a strategic and cultural shift that, when implemented successfully, can help satisfy regulatory compliance, improve overall security and promote efficient infrastructure oversight in the face of all these changes and challenges.

    The need to audit the IT Infrastructure

    IT professionals from the helpdesk to the CIO have been charged with implementing mechanisms, both native and 3rd-party, to address their enterprise IT auditing needs. This task up close appears daunting to many, and with good reason. The enterprise of today operates 24x7x365 and is subject to stresses of access and modifications invoked by hundreds and sometimes hundreds of thousands of people each day. This growing need to audit the enterprise should come as no surprise to anyone who has been in an IT role for the past 5-10 years.

    Knowing who changed what, when and where throughout the organization can save hours of troubleshooting, satisfy compliance needs, better secure the environment and permit administrators to manage multiple resources that frequently outnumber staff that are now at the critical core of operations. What’s most challenging is the diversity of platforms, systems and tools employed over the years just to sustain these daily operations. Now, with various regulatory entities combined with a heightened awareness of IT security, the demands presented by auditing all of these systems around the clock in all corners of the enterprise may seem like a perfect storm.

    Adding to this challenge are IT operations that are required to function on tight budgets under constant watch, even more so than revenue-generating functions of an organization. Leaders keep asking for more while tightening budgets, and the only way to successfully secure, manage and maintain the infrastructure is to implement enterprise-wide IT auditing.
  • 4. Planning

    To successfully audit the enterprise, there needs to be a priority list and a methodical approach to implementation that takes into account the various aspects to be addressed along the way. IT security and compliance auditing are perhaps at the top of the organizational IT priority list and therefore can expect to have some degree of senior management support. This can greatly help transform the organization because there will likely be changes that need this support to be successful. IT departments can use the following steps to achieve their IT enterprise auditing goals:

    1. Take an inventory and establish preliminary priorities

    Start with an inventory of systems and hardware that are owned and managed by IT, including computers, servers, mobile devices, file storage platforms and even network appliances such as firewalls, switches, and routers. During the inventory, place a value on the data which they store or the role they serve and place a value on their need. Your goal here is to quickly give an estimated assessment of risk to each asset for further evaluation later. Involve Human Resources and Legal early and throughout the process to help identify those key areas that need ongoing auditing. This helps to further gain support and increase awareness across the organization. Document everything for future reference, as this will form the foundation of the written plans and efforts auditors will want to see.

    2. Eliminate waste, consolidate and replace assets

    Find opportunities to retire or replace aging equipment and platforms. These decisions will be tied to the existing budget and may be cost-prohibitive. Estimate the time required to implement any replacements or consolidations in the context of the final objective, which is to audit your environment. The benefit of this assessment will be to provide awareness of what can readily be audited versus what assets may require additional effort to facilitate ongoing auditing. Document everything to measure progress and to have a reference as you move forward, which will also serve to satisfy auditors.

    3. Categorize remaining resources from most auditable to least

    Looking at the systems that remain, and keeping in mind what those resources represent in terms of data storage or access control, categorize them based on expected capacity for auditing. Some systems and hardware will more readily facilitate auditing. In the best case, the more auditable systems will contain the information most at risk. Strategically, consider shifting at-risk information and resources to systems that will more readily permit auditing. Some adjustments to the environment may be justifiable before implementing any auditing solution, so as to audit the most resources in the least amount of time accurately and effectively. A good example is Windows Servers. These have limited native auditing built in, and this can be quickly enabled to start auditing events such as file access and logon/logoff events. Many storage appliances also have some form of built-in auditing capabilities.
  • 5. Again, document everything so that everyone involved in IT and these goals begins to become intrinsically aware of the cultural changes that are taking place as a result of auditing the enterprise.

    4. Look for an auditing solution that will cover the most assets in the least amount of time

    Implementing enterprise auditing is an ongoing, long-term effort. It will become an integral part of daily IT life once the transition has been made from little or no auditing to widespread auditing. Expectations should be balanced between what can be done in the allotted time frame and what will need to be done over the longer term. The objective when starting out or improving upon existing efforts is to make measurable progress.

    The absolutely most critical goal here is to select a reputable vendor with a broad set of tools that has a good record of helping customers and a proven track record of delivering product enhancements and updates to service the constantly changing nature and requirements of enterprise auditing. Doing so will require fewer contacts, support arrangements, and licenses to maintain and manage moving forward. This will also require flexible licensing, scalability and centralized long-term data storage as your needs and environment change over time. Auditing will need to be flexible, easy to set up and able to operate in parallel to most major IT initiatives moving forward. The audit store will also need to be equally flexible and reportable for as long as 7 years per certain regulatory requirements. A solution that can move with rapid change will save time, money and reduce overall stress. Document, and expect that needs will change quickly as more information is gathered and weighed against priorities and timelines.

    Implementation and what to expect

    The amount of time to implement an effective IT auditing solution in the enterprise will vary. It’s difficult to quantify time and every environment is different. Some may have equipment that is many years old and may present special challenges to auditing, while others may have a narrow assortment of technologies. These considerations will need to be mapped out in advance and documented. Delivering auditing to the enterprise could result in 50% of the total time spent taking inventory and consolidating, 25% on prioritization and system/platform preparation, and 25% on implementation. Don’t forget to account for documentation, as this will be a measurable part of the overall effort.

    Starting out with the end result in mind will help establish realistic, attainable short-term goals that will roll up into larger, longer-term goals. Keeping a balance will help the IT department and those involved in the project, including Human Resources and legal staff, look forward to each stage of the implementation while building the cultural and behavioral competencies that will be required to sustain auditing and compliance as well as security practices for the long term. Be prepared to be flexible and adjust as conditions change.
  • 6. Scope of challenges

    Implementing enterprise auditing in diverse IT environments is common. Most IT departments have a wide array of platforms and services to serve end-users and customers. Here is a typical list of critical resources IT departments must consider and the types of information and access control they represent:

    Windows Active Directory (2000-2008R2, 32 and 64-bit platforms) – Manages access control, permissions, and serves as the central directory for the organization.

    Windows Group Policies – Access control mechanisms critical to security of information and to limit risks to systems and servers bound to Active Directory.

    Exchange Servers – Messaging data contains confidential information from senior management, product management, marketing, production, engineering, human resources, legal, etc. Many regulations speak directly to monitoring access to messaging services.

    SQL Servers – Primary data storage for customer data including credit card information, patient data, social security numbers, banking information, web applications, sales data and more. Like messaging, database access will need auditing to comply with regulations.

    File servers and storage appliances – Data storage for financial statements, trade records, contracts, legal documents, agreements, business and marketing plans, proprietary information, reports, collateral. These can include Windows file servers with DFS shares and clustering as well as platforms such as NetApp Filer and EMC Celerra.

    VMware – Virtualized systems require equal protection to that of physical systems that store data, SQL servers, Domain Controllers all serving file and data storage as well as access control systems.

    SharePoint – Document and data sharing across business groups, departments and units similar to SQL and file server systems and storage devices.

    Servers – Physical systems with local access controls, services and business critical applications and web services for sites both internal and external, also to be considered a sub-requirement to all of the above.

    System Center Virtual Machine Manager – Virtualized systems performing access control and file storage as well as SQL storage functions.

    All of the above systems likely represent what most organizations will face when implementing auditing in the enterprise. Each asset behaves in a unique way and, depending on the types of information stored on it or the extent to which it facilitates access control, will carry an individual priority with regard to auditing.
  • 7. NetWrix: #1 for Change Auditing and Compliance How to effectively audit your IT Infrastructure Solutions Solutions exist to address these challenges quickly and easily. These come in a wide variety of options to suit a wide range of needs. NetWrix Change Reporter Suite is a solution that can address all of these auditing needs and help sustain compliance in the enterprise quickly, easily and cost-effectively. NetWrix has a reputation for building innovative tools purpose-built for each of these concentrations. Frequent updates and product enhancements are rolled out often to meet changing needs and to support its customers providing these updates at no additional cost while on maintenance. Experienced development and technical support staff outnumber non-technical roles by 10-to-1 and NetWrix is the only provider solely focused on delivering IT auditing solutions organizations need today and in the future. Installation of NetWrix Change Reporter Suite is fast and easy. Using a two-tiered data storage model with SQL for short-term repository and flat file long term storage, audit data is centrally stored and can be maintained for seven years or more. NetWrix Change Reporter Suite easily scales to serve a broad range of organizations from small businesses with few servers to larger international corporations with as many as 100,000 Active Directory users. Environment changes are facilitated using easy point-and-click management with most components managed from a single Microsoft Management Console where modules plug-in and can be organized to match the network topology or any specific needs. One of its’ many strengths is in automatic reporting and alert capabilities. By leveraging SQL Advanced Reporting services and nearly 200 predefined snapshot and best practice reports geared towards the types of information auditors request provides a ready-to-use library of reports. 
Also included are report subscription capabilities to automatically deliver reports to auditors, managers and anyone else who needs to be a part of the enterprise IT auditing efforts. Reports can be generated in seven different formats, such as TIFF, XLS(S) and CSV. Alerts can be configured to send an e-mail or SMS text message when critical events take place.

Also included in NetWrix Change Reporter Suite is a powerful Active Directory Object Restore Wizard that can restore Active Directory and Group Policy changes down to even individual attribute-level changes. It is also capable of restoring file and folder permission changes. These capabilities far surpass even Microsoft Windows 2008 R2 restore functionality.

At the heart of NetWrix products are the AuditAssurance™ and AuditIntelligence™ technologies for collecting audit information from multiple streams of information using accepted Microsoft practices, without risky techniques that shoe-horn into the operating system APIs and can interrupt or terminate auditing altogether. The information gathered is lightweight: only necessary information is stored, and it is extracted from event logs, tracing logs, APIs and other available sources to ensure no audit information is omitted.
  • 8. These technologies and capabilities combined translate into having the opportunity to implement enterprise IT auditing quickly and affordably from a single reputable source committed to delivering outstanding tools for organizations of all sizes and needs.

Download a FREE trial of NetWrix Change Reporter Suite

Valuable Resources

netwrix.com – NetWrix provides purpose-built change auditing and compliance solutions, and free tools to help secure and maintain the IT enterprise.
infosecisland.com – Compliance and security professionals present today’s most compelling arguments and solutions for network security and compliance issues facing organizations today.
petri.co.il – The Petri IT Knowledgebase community of experienced IT professionals with articles, reviews, how-to instructions and technology updates.
itil-officialsite.com – Information Technology Infrastructure Library provides best practices for IT service management focusing on aligning IT services with business needs.
4sysops.com – Great online resource geared towards Windows administrators with articles, how-to instructions, technology reviews and coverage of issues related to managing Windows environments.
windowsitpro.com – Website dedicated to the Windows IT professional. Site includes how-to documentation, articles on technology and topics of interest to Windows administrators.
spiceworks.com – Vibrant and growing IT professional community and a free software toolkit for helpdesk and network monitoring.
  • 9. NetWrix Corporation
www.netwrix.com

© Netwrix Corporation. All rights reserved. Netwrix is a trademark of Netwrix Corporation and/or one or more of its subsidiaries and may be registered in the U.S. Patent and Trademark Office and in other countries. All other trademarks and registered trademarks are the property of their respective owners.