Information Technology Reference
In-Depth Information
also network operating systems which are used to manage office networks which connect
wide area networks across geographical boundaries or across continents. A typical example
would be a company like Microsoft which has offices on all continents.
Operating systems are secured by applying various security measures such as hardening
the operating systems which involves closing unused ports, disabling unused functions, in-
stalling antivirus software, intrusion detection tools and patching the systems with recom-
mended patches from software developers.
The IS auditor can use information generated by various tools and logs on the operating
systems to perform an audit of operating systems. Client operating systems produce a lot
of valuable information which the IS auditor can make use of not only for auditing client
operating systems but also application systems and network operating systems.
Security Monitoring
In order to ensure effective IT security in the enterprise, a security monitoring policy needs
to be developed which can be used to monitor how security is being managed. Regular
monitoring of security provides assurance that management has oversight over security
management in the enterprise. It should be noted that security risks are ever-changing and
an enterprise will always face new risks as they conduct business operations. Enterprises
can also make use of security self-assessments in order to ensure compliance with security
policies and procedures.
In addition to implementing security measures, enterprises can also rely on IS auditing ser-
vices to provide assurance to management. Enterprises can make use of the internal IS audit
function to conduct regular review of security. In addition, enterprises can make use of ex-
ternal IS auditors or security specialists to complement the work of internal IS auditors.
Search WWH ::
Custom Search