WeBex Meetups (1.5 hrs)
Weekly Slides Deck:
it-service-delivery-and-support_network
Network, network security and administration overview
Discussion
- Risks and controls associated with a company’s network
- Network Auditing Program
Activities:
Video: Warriors of the Net
https://www.youtube.com/watch?v=HOaIqQAeaik
Quiz #5 via Blackboard
Weekly Reading Assignments:
IT Auditing
- Chapter 14: Auditing Cloud Computing and Outsourced Operations
- FFIEC Outsourcing Booklet: http://ithandbook.ffiec.gov/ITBooklets/FFIEC_ITBooklet_OutsourcingTechnologyServices.pdf
Access Control Comparison:
| Good Company | Bad Company |
| All access is 2 factor | All supporting members above the rank of helpdesk have “domain admin rights” to make their job easy |
| All access is role based | The IT department has admin rights tied to their normal everyday accounts |
| All roles are determined by job functions | Some users in audit have local admin rights; audit regularly needed to update their auditing software |
| Permissions are designed from Least to Most Restrictive across all OS platforms, files, and devices | Logging is turned on, but the logs overwrite themselves every 7 days because of lack of space |
| Monthly metrics are collected on all systems to ensure they are in compliance | |
| CIO and CFO each only have ½ of the Enterprise Admin. credential |