How to secure your organization or what is Security Audit

A security audit is an assessment of the security policy standards an organization follows to secure its site. Put simply, it is a process of continual effort to improve data protection.

A security policy is how effectively an organization keeps its security implemented.

I would ask readers to read more about security best practices and to use good security templates. It is good practice to have a written security policy.

Note: Make sure all employees know the policy, and ensure that everyone at every level understands how to protect the data and knows how to act when a breach occurs.

You can post a note everywhere stating the security policy you are following. It is my humble request that you do not waste more paper on this; you can do it electronically instead. For example, show a text note when a user logs on to the systems.

Coming to the security practices, here are a few tips:

Password policies
Are the passwords crackable?
Do not use guessable passwords or passwords that are too short.
Are all the local Administrator accounts strong?
Use passwords with a mix of letters, numbers and symbols.
Are any users working without a password?
Make sure all accounts are protected with passwords.
Are there audit logs, and are the logs reviewed?
Are any guest accounts open?
Do not open guest accounts. Even if a user is there only for a few days, create an account and disable it after the user leaves.
Are the passwords updated regularly?
Change passwords regularly, at least every 45-60 days.
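
Several of the password questions above can be checked directly on a Windows machine. The script below is an added example, not part of the original post: it assumes Windows PowerShell 5.1 or later with the built-in LocalAccounts cmdlets, covers local accounts only (not domain accounts), and uses 60 days, the upper end of the period given above, as its threshold; the variable names are illustrative.

```powershell
# Added example: audit local accounts against the password checklist above.
# Assumptions: Windows PowerShell 5.1+ (Microsoft.PowerShell.LocalAccounts),
# local accounts only, 60 days as the rotation limit.
$MaxPasswordAgeDays = 60

# SIDs of the members of the local Administrators group.
# S-1-5-32-544 is the well-known SID of that group, so this works on
# non-English systems where the group has a localized name.
$adminSids = @(Get-LocalGroupMember -SID 'S-1-5-32-544' -ErrorAction SilentlyContinue |
    ForEach-Object { $_.SID.Value })

$now = Get-Date
$findings = foreach ($u in Get-LocalUser) {
    # Disabled accounts cannot log on, so they are not reported.
    if (-not $u.Enabled) { continue }

    $issues = @()

    # "Are any users working without a password?"
    if (-not $u.PasswordRequired) { $issues += 'password not required' }

    # "Are any guest accounts open?" The built-in Guest account has RID 501.
    if ($u.SID.Value -like '*-501') { $issues += 'guest account enabled' }

    # "Are the passwords updated regularly?"
    if ($u.PasswordLastSet) {
        $age = [int]($now - $u.PasswordLastSet).TotalDays
        if ($age -gt $MaxPasswordAgeDays) { $issues += "password is $age days old" }
    }
    else {
        $issues += 'password never set'
    }

    if ($issues) {
        [pscustomobject]@{
            Account   = $u.Name
            IsAdmin   = $adminSids -contains $u.SID.Value
            LastLogon = $u.LastLogon
            Issues    = $issues -join '; '
        }
    }
}

# Administrator accounts first, since weak admin accounts matter most.
$findings | Sort-Object IsAdmin -Descending | Format-Table -AutoSize
```

An empty result means no enabled local account matched any of the three checks; it says nothing about password strength, which this script cannot measure.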

Data security policies
Do you know who has rights to access the data?
Are they using permissions?
Are shared folders in a secure place?
What are the security permissions for each user?
Are they using encryption?

Network level policies
Do users have rights to download software and tools?
Is traffic between the remote sites secure?
Are strong passwords used for external traffic?
Who has management controls and authentication/access controls?
Are you conducting regular audits?

System level policies
Do users have rights to install and configure software?
Who has access to servers and networks?
Are these operating systems and applications updated or patched?
What about the backups, and are they up to date?
Are the backups stored in a secure place and encrypted?
Do you have a disaster plan to recover the data?
Are certificates used for Internet communications?
Are configuration and code changes documented?
How are these records reviewed and updated?
Is the antivirus updated?


Posted on April 17, 2011, in General, Uncategorized, Windows.