Systems administrators can grant or revoke access to a company’s IT infrastructures, gain access to all forms of information in a company, and even control all data inflow and outflow within and out of an organization. This can translate into a significant risk if not controlled. The big question then becomes: who will watch over the watchman?

In an attempt to provide an answer to the above question, various information security experts have pointed out certain steps that needs to be followed so as to ensure that the watchman (in this case systems administrators) are reasonably watched over.

QUESTIONS THAT CAN HELP TO AUDIT ADMINISTRATORS

You will agree with that it is usually difficult to monitor the activities and actions of an admin in a complex organization that handles large amount of information on a daily basis. However, providing answers to vital information security questions can help reduce the excessive power given to senior information custodians in an organization.

• Are there policies and procedures in place to check the operations and activities of privilege users?
• Is there capable software that can log all activities?
• If yes, is there a system in place that ensures that this capability is always enabled?
• Are there group of individuals that review the log activities?
• If yes, how often are these logs reviewed?
• What kind of rapport or relationship exists between the team of reviewers and the privilege user?
• How often is the review members rotated?
• What is the password management policy of privilege users of a system?
• Where are passwords stored?
• Are there specific roles assigned to privilege users?
• Can admin ID be accessed from a remote system or from a designated system?
• If a remote access is allowed, is the entire session adequately logged and analysed?

The above questions are by no means exhaustive but provide a basis for other relevant questions that can help organization audit her administrators. Providing reasonable answers to the above questions and providing solutions or counter measures to identified weaknesses is a key success factor that will help guarantee the successful campaign of securing the information system of a company.

The importance of information systems auditwill be highly highlighted in a bid to tackle issues raised by these questions. It is very important to closely monitor the activities of the system administrator in an organization. Remember that one of the main duties of the admin user is to monitor other users. Now what do you think will happen if this powerful individual is left unchecked for a substantial period of time?

The intention of this article is not to replace the comprehensive information system auditing steps, standards, and procedures that IT and IS auditors follow, but acts as a thought provoking article to help responsible officers ask the right kind of questions that will help identify weaknesses and vulnerabilities in privilege role  ID managements.

Knowledge is power but, information is the driving force behind that power. We now live in the era of information superhighway where it takes nano seconds for information to be disseminated all over the world. This fact makes it logical to conclude that the success or otherwise of a business is largely linked to the ability of the business protect her information assets, control her information and ensure that information system actually adds value to a company. The aim of this article is to highlight the importance of auditing information systems and also to look at the role of information systems audit.

IMPORTANCE OF AUDITING AN INFORMATION SYSTEM

For any business (for profit or for non profit) to survive, it must have an adequate information security system in place. How to know that a system is secured is when an audit is carried out on the system. Most company employ the white-hat hacking techniques to identify loopholes that need to be closed in their information system.

In a nut shell, the world would be a worry free place if we have the assurance that are information (trade secrets, private information, personal identity, etc) are safe, hence, the importance of auditing an information system.

TO ENSURE THE SECURITY OF INFORMATION

Information is a vital asset of any entity that needs to be seriously secured or face the consequence of not doing so. Information security has become so vital that many large organizations have full fledged department that handles the inflow and outflow of information. Information security is not all about securing the data in your data warehouse, it goes beyond that. By information security audit, the activities of actors in the information domain need to be monitored more than ever. The advent of mobile computing and Smartphone created a new loophole in the business of handling information which the information audit must track down and proffer solution to. Just recently, a young computer scientist working with a leading cloud computing company got drunk on his way back from the office and misplaced his personal portable device loaded with information that have weak or no security. This brief analogy is an example of the kind of ugly incident that can easily be avoided if a sound information systems audit had been undertaken.

TO FILTER OUT NOISE IN THE SYSTEM

Noise in any information system is a key factor that causes mistakes, misunderstandings and misrepresentation of facts which has proved to be fatal over the period of time. It is by auditing the system that carries the information flow that such noises are identified and corrective action taken to either remove or ameliorate their effects on the organization.

CREATION OF JOBS

This may sound weird but, it is the fact of the matter. The information systems audit profession have over the last decade created more jobs than lots of other sectors. There is hardly a project that is carried out now without evaluating the security of that project. Suffix this to say that part of the role of information audit is to stimulate the economy through series of job creations.

BUILDING CONFIDENCE AND PUBLIC REPUTATION

The general public would rather go with a secured system with lesser benefit than with an unsecured system with more benefits. This is more pronounced in the world of business and investment where investors seek the safety of their capital first before profit. This is a rational thing to do as the number one tenet of investing  and financial management is to ensure the safety of your capital. The general idea behind any form of auditing of any kind is to render credibility to a piece of information

The role of information auditing also include improving the general standard of living in an economy. Through adequate information audit, treats to human lives and properties are identified and remove if possible. This will also go a long way in preventing these cycles of global financial crisis that we face these days.