
Logical Security Applications


            Logging

            Critical system events are logged and piped to another server. Logs are reviewed regularly for trends
            and anomalies, and follow-up occurs.

            Auditing OS Layer Security

            In order to audit OS layer security:
            1.  Test appropriateness of operating system configuration parameter settings.
                 •  OS configuration should be documented. Many OS parameters may be configured per
                    vendor best practices. In this situation, variants to best practices are documented.
                      •  If the configurations are documented, comparing an extract from the OS to the
                         formal documentation would suffice for this test.
                           •  Note: Availability will determine if this can be completed systematically
                              using software already utilized by the IT department.
                 •  If no documentation exists, a sample of settings could be discussed with the system
                    software team to gauge their knowledge level and understand why the setting exists as
                    stated (e.g., do they understand why the setting is configured as is, and if not, then why
                    not?). Also, best practice guidance from the vendor or from third parties may exist that
                    can be used to evaluate settings.
            2.  Test adequacy of server hardening procedures.
                 •  Ensure a systematic, documented, formalized, and consistent process is used to create
                    hardened OSs. This includes documented procedures.
                 •  Ensure a server’s security is re-evaluated prior to placing it into production, especially if
                    applications were loaded since the original operating system was installed.
            3.  Test adequacy of OS configuration procedures.
                 •  This relates to the adequacy of controls in the change management process.
                 •  Ensure that an inventory of computers (servers) is maintained along with associated OS
                    version and patch level. The inventory may also contain hardware specifications.
                 •  Ensure that patch levels are updated. A comparison of current patch levels to those on the
                    vendor site could occur. If specific patches are not implemented, follow up to validate
                    reasons.
            4.  Obtain a sample of users and their current access capability and review for appropriateness.
            5.  Test to ensure that a periodic review of users’ access capability is performed.
            6.  Test to ensure that any requested changes are corrected in a timely manner.
            7.  Test to ensure that logs are enabled, reviewed for trends and anomalies, and timely follow-up
               and correction occurs.
            8.  Test to ensure that antivirus software is updated.
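
            The comparison in step 1, an extract from the OS checked against the formal documentation
            with documented variants taken into account, can be done systematically with a short script.
            The following is an added example, not part of the course material; the parameter names are
            Linux sysctl keys, and all values, the variant entry, and the function names are constructed
            for illustration.

```python
# Constructed sample data, not from the course text. BASELINE is the documented
# configuration; EXTRACT is in the `key = value` form that `sysctl -a` prints.
BASELINE = """\
kernel.randomize_va_space = 2
net.ipv4.ip_forward = 0
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.tcp_syncookies = 1   # expected by the hardening standard
"""
# Documented variants: parameter -> (approved value, recorded reason)
VARIANTS = {"net.ipv4.ip_forward": ("1", "host routes traffic; exception on file")}
EXTRACT = """\
kernel.randomize_va_space = 2
net.ipv4.ip_forward = 1
net.ipv4.conf.all.accept_redirects = 1
fs.suid_dumpable = 0
"""

def parse_settings(text):
    """Parse 'key = value' lines, ignoring blank lines and # comments."""
    settings = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        key, sep, value = line.partition("=")
        if not sep:
            raise ValueError(f"unparseable line: {line!r}")
        settings[key.strip()] = value.strip()
    return settings

def audit(baseline, variants, extract):
    """Classify every parameter seen in either source; returns sorted findings."""
    findings = []
    for key in sorted(set(baseline) | set(extract)):
        expected, actual = baseline.get(key), extract.get(key)
        if actual is None:
            findings.append((key, "MISSING", f"expected {expected}, absent from extract"))
        elif expected is None:
            findings.append((key, "UNDOCUMENTED", f"found {actual}, no baseline entry"))
        elif actual == expected:
            findings.append((key, "MATCH", actual))
        elif key in variants and variants[key][0] == actual:
            findings.append((key, "DOCUMENTED_VARIANT", variants[key][1]))
        else:
            findings.append((key, "DEVIATION", f"expected {expected}, found {actual}"))
    return findings

if __name__ == "__main__":
    results = audit(parse_settings(BASELINE), VARIANTS, parse_settings(EXTRACT))
    for key, status, detail in results:
        print(f"{status:<19}{key}: {detail}")
```

            DEVIATION, MISSING and UNDOCUMENTED findings are the ones to follow up with the system
            software team; a DOCUMENTED_VARIANT only passes when the extracted value equals the
            approved exception.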

             TOPIC 5: SUMMARY

            Learning Objectives

            These learning objectives were covered in this course.
            Copyright © 2022 by The Institute of Internal Auditors, Inc. All rights reserved.