Page 8 - Password administration review-Guilford ES
P. 8

Emergency Services:  Password Administration Review



                                       SCOPE AND METHODOLOGY

               During the review process, sufficient and appropriate procedures were performed, and
               documented evidence was gathered to support the accuracy of the conclusions.  The findings and
               conclusions are based on a comparison of the conditions that existed as of the date of the audit,
               against established criteria and practices at Emergency Services.

               To determine whether password controls were effective, we

                   •  Evaluated the policies around password protection
                   •  Documented processes via Interviews, Questionnaires, Flowchart, Analytical Procedures,
                       Change Audit, SQL queries, etc.
                   •  Reviewed evidence to ensure passwords were changed/reset within 180 days
                   •  Reviewed terminated employees from July 2018 to July 2019
                   •  Evaluated users’ administrative rights
                   •  Reviewed governance processes (if any) of the access security function
               Our approach to this review was comprised of the following tasks:

                   •  Gained an understanding of the policies, procedures and general controls in place
                   •  Performed a desktop review of key relevant IT policies and procedures
                   •  Conducted meetings with relevant stakeholders
                   •  Conducted a walkthrough to evaluate the design and implementation of relevant controls
                       and review relevant documentation
                   •  Performed testing on a sampling basis of the identified key controls to evaluate their
                       operating effectiveness
                   •  Observed password activity and
                   •  Reported any gaps/weaknesses identified






















                                                                                                            7
   3   4   5   6   7   8   9   10   11