HOW TO AUDIT ADMINISTRATORS IN AN ORGANIZATION | IMPORTANCE AND STEPS TO PERFORMING AN EFFECTIVE ADMIN USER AUDIT
How to audit information system administrators in an organization is an important strategic question that every business leader should be asking now. Administrators are the gateway to and from vital information in every organization. In today’s world, which relies heavily on IT (information technology) for virtually everything that we do, a few individuals can be extremely powerful in an organization.
Systems administrators can grant or revoke access to a company’s IT infrastructure, gain access to all forms of information in a company, and even control all data flowing into, within, and out of an organization. This can translate into a significant risk if not controlled. The big question then becomes: who will watch over the watchman?
In an attempt to answer that question, various information security experts have pointed out certain steps that need to be followed to ensure that the watchmen (in this case, systems administrators) are reasonably watched over.
QUESTIONS THAT CAN HELP TO AUDIT ADMINISTRATORS
You will agree that it is usually difficult to monitor the activities and actions of an admin in a complex organization that handles large amounts of information on a daily basis. However, answering vital information security questions can help reduce the excessive power given to senior information custodians in an organization.
- Are there policies and procedures in place to check the operations and activities of privileged users?
- Is there software capable of logging all activities?
- If yes, is there a system in place that ensures that this capability is always enabled?
- Is there a group of individuals that reviews the logged activities?
- If yes, how often are these logs reviewed?
- What kind of rapport or relationship exists between the team of reviewers and the privileged user?
- How often are the review team members rotated?
- What is the password management policy for privileged users of a system?
- Where are passwords stored?
- Are there specific roles assigned to privileged users?
- Can the admin ID be accessed from a remote system or from a designated system?
- If remote access is allowed, is the entire session adequately logged and analysed?
The above questions are by no means exhaustive, but they provide a basis for other relevant questions that can help an organization audit its administrators. Providing reasonable answers to these questions, and providing solutions or countermeasures for the weaknesses identified, is a key success factor in securing the information system of a company.
The importance of an information systems audit is highlighted when tackling the issues raised by these questions. It is very important to closely monitor the activities of the system administrator in an organization. Remember that one of the main duties of the admin user is to monitor other users. Now what do you think will happen if this powerful individual is left unchecked for a substantial period of time?
The intention of this article is not to replace the comprehensive information system auditing steps, standards, and procedures that IT and IS auditors follow, but to act as a thought-provoking piece that helps responsible officers ask the right kind of questions to identify weaknesses and vulnerabilities in privileged role ID management.