Security Audits – CompTIA Security+ SY0-401: 2.3

Nobody likes an audit, but it’s one of the best things you can do to provide a check of your network security. In this video, you’ll learn the importance of an audit and which audit types may be appropriate for your organization.


These audits become really important. We’re able to really get down and understand what’s going on. But the name is not one we like to hear: somebody’s now auditing what we’re doing. This double checking becomes an important part of your policies. You really have to police yourself. Sometimes you’re bringing in a third party to look over what you’ve done, to make sure the things that you put in place are really going to work the way you’d like. And ultimately the idea is that your network’s going to be more secure, and you’re going to have the right information set the way you really expect it to be.

You really have to watch this, because even over a very short period of time, things can change rapidly. A new project is being put in on a very short time frame, maybe some corners are cut relating to security, and now you’re going to have to go back afterwards and look at what type of security was provided to all of these people. You also have to think about how often you’re going to have a look at these things. You have to set aside some time every month, every few months, or every year to go back and look at what was going on.

There are certain actions that can be automatically identified, certain things that occur where you can get a message, a red flag, or something that shows up in your logs that says, wait a second. Last week three people were given administrator access. Is that something I want to allow or not?

But you have to have systems in place to be able to look over those things. If you don’t have a way to have something automatically go through your logs, or have messages automatically sent to you, it’s very possible that all of these checks and balances that you’ve put in place could be completely missed. And now you have people that have access to the network or to resources that they really shouldn’t have.
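The kind of automated log check described above, as an added example that is not part of the original video or transcript: it lists every addition to a privileged group in the last week and marks the ones with no approved change ticket. The key=value log format, the group name, the ticket numbers and the function names are all constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample lines in a made-up key=value format (not any real product's log).
SAMPLE_LOG = """\
2024-05-06T09:14:02Z action=group_add group=Administrators member=jsmith actor=helpdesk1 ticket=CHG-1042
2024-05-07T22:41:55Z action=group_add group=Administrators member=tempsvc actor=jsmith ticket=-
2024-05-08T08:03:10Z action=group_add group=Printers member=mlee actor=helpdesk2 ticket=CHG-1050
2024-05-09T13:27:30Z action=group_add group=Administrators member=kwong actor=helpdesk1 ticket=CHG-9999
2024-05-09T16:00:00Z action=group_remove group=Administrators member=kwong actor=helpdesk1 ticket=-
2024-04-01T10:00:00Z action=group_add group=Administrators member=oldadmin actor=helpdesk1 ticket=CHG-0900
"""
PRIVILEGED_GROUPS = {"Administrators"}                   # assumption: groups to watch
APPROVED_TICKETS = {"CHG-1042", "CHG-1050", "CHG-0900"}  # assumption: change-management export

def parse(line):
    """Split one line into a dict with a timezone-aware 'time' field."""
    stamp, rest = line.split(" ", 1)
    event = dict(pair.split("=", 1) for pair in rest.split())
    event["time"] = datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return event

def audit_privilege_grants(log_text, now, window_days=7):
    """List every privileged-group addition in the window, oldest first."""
    cutoff = now - timedelta(days=window_days)
    events = sorted((parse(l) for l in log_text.splitlines() if l.strip()),
                    key=lambda e: e["time"])
    findings = []
    for e in events:
        if e["group"] not in PRIVILEGED_GROUPS or not cutoff <= e["time"] <= now:
            continue
        if e["action"] == "group_add":
            findings.append({"member": e["member"], "actor": e["actor"],
                             "when": e["time"], "group": e["group"],
                             "approved": e["ticket"] in APPROVED_TICKETS,
                             "still_member": True})
        elif e["action"] == "group_remove":
            # A later removal does not erase the finding; it only closes it.
            for f in findings:
                if (f["group"], f["member"]) == (e["group"], e["member"]):
                    f["still_member"] = False
    return findings

if __name__ == "__main__":
    now = datetime(2024, 5, 10, tzinfo=timezone.utc)  # fixed "today" for the sample
    for f in audit_privilege_grants(SAMPLE_LOG, now):
        status = "ok" if f["approved"] else "REVIEW: no approved change ticket"
        print(f'{f["when"]:%Y-%m-%d} {f["member"]} added to {f["group"]} by {f["actor"]} '
              f'(still member: {f["still_member"]}) -> {status}')
```

Run on a schedule and sent to whoever owns the review, a report like this keeps a short-lived grant such as the `kwong` entry visible even after the membership has been removed again.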

There are different areas of auditing we should focus on. One is privilege auditing. We’ve talked a little bit about that: making sure people have rights and permissions to the areas they should have. And if they should not have those particular rights, make sure they don’t have those rights.

We’ve already talked about the different administrators that might be on your network, making sure that people who are administrators or not administrators are configured properly. There’s also usage auditing. Are people using the technologies that we have in the proper way? Are people using our internet connection for work purposes or not? Are our systems and our applications on our network configured in a way that is secure? That usage auditing will allow us to see if people are gaining access to these systems or gaining access to these applications when they really should not be.

There’s also auditing we should do regarding our processes and procedures, especially for disaster recovery. If we have an incident and we want to manage what happens during that incident, do we have everything in place? For the technologies we use for disaster recovery and for incident management, are all of those processes going to run the way we would expect? So make sure that we audit that, and the way that we escalate information during those particular circumstances.

And lastly, our administrative auditing: are we documenting the things we should be documenting? Are there places we’re missing information? We need to make sure that we’re capturing as much as possible that we’ll be able to use later on.