ALL >> Business >> View Article
Auditing Considerations
When analyzing auditing requirements, consider the following:
Auditing requirements 220-701(http://www.aplus-220-701.com) are different based on computer role. Choose an auditing policy that provides the information necessary for each computer role.
Auditing provides little value unless events are reviewed. A policy should be established to review security logs.
Auditing requirements can change over time. One example would be when specific users are suspected of unauthorized file access, tampering, or improper
access. In this situation, you could set up auditing on sensitive files for these users or the groups that they are in, record security events, and then analyze the information. When the information needed is accumulated, you would remove the
auditing requirements.
Centralizing the collection of auditing events is essential to sound security event record management and might be required by regulations or industry rules.
Auditing process activity is not a good idea, in general, for production servers. It is a sound strategy for periodic use on test systems.
Recording privilege ...
... access events will also generate a large number of events.
Weigh the need to manage logs that this will create comptia security+( www.securityplus-sy0-201.com) , and determine whether this is a worthwhile event.
Setting object access auditing on files, folders, registry keys, and Active Directory objects can be affected by inheritance rules. When setting object auditing, you can set the requirements on a parent object and require that audit settings are pushed to subobjects by inheritance. You can also prevent the inheritance of SACLs by clearing the Allow Inheritable Auditing Entries from the Parent to Propagate to This Object and All Child Objects. Include These With Entries Explicitly Defined Here check box. Figure 9-24 illustrates this concept. The Marketing folder has inheritance blocked. Setting auditing for parent folders will have no affect on the Marketing folders.
Example of Taking Ownership By default, administrators have the user right to take ownership. To protect confidential information, data owners might request that the IT administrator not have access privileges on sensitive files. This can easily be done by removing the administrator's group access permissions on the files. However, the admin-istrator can take ownership of the file and give herself any access she wants. Nothing can prevent her from doing so. However, you can audit files that are configured to block administrator access CompTIA(http://www.certtopper.com) by auditing for this event and tracking object access events.
Add Comment
Business Articles
1. Military Spring Snap Hooks | Buckles InternationalAuthor: Buckles International
2. Fast Cash Loans Online: An Enticing Combination Of Features
Author: Lucy Lloyd
3. Why Retail Billing Software Is Essential For Modern Retail Businesses
Author: Ginesys
4. Top Quality Kvak Bird Food From Feather Incorporation
Author: Kvak bird food
5. Easy & Quick Short Term Loans Online To Make Your Life Easier
Author: Robert Miller
6. Luxury Wedding Cars: The Perfect Touch For Your Big Day
Author: Andy
7. Unlock Growth Opportunities With The Booming Mena Bpo Market
Author: Andy
8. Top 10 Website Development Company In India
Author: Karthika
9. Efficient Online Petrol Pump Software For Modern Fuel Management
Author: Rupasri
10. Why Is Financial Reporting Crucial For The Success Of Small Businesses?
Author: Bappaditta Jana
11. How Iso 27001 Consultancy In Telangana Helps Mitigate Cybersecurity Risks
Author: Qadit
12. The Importance Of Iso 27001 Consultancy In Telangana
Author: Qadit
13. The Importance Of Strategic Finance In Today's Business!
Author: Bappaditta Jana
14. Make Restaurant Management Easier With Our Restosoft-restaurant Billing Software
Author: restosoft
15. Osumare: The Best Seo Company In Delhi
Author: Anushka