NetVision

NetVision Company Blog

A Discussion on Effective Audit of User Access

Demo – Getting Who Has Access (with Details)

Tags: , , ,

Today, I launched a 3 minute demo of Access Rights Inspector‘s ability to generate a quick report on everyone that has access to a given file — and how they got the access (inheritance, group memberships, etc.).  Obviously, it’s only a quick glance at what the product can do, but if it piques your interest, please let us know.

Active Directory UserAccountControl

Tags: , , ,

Here’s a link to our Active Directory UserAccountControl Quick Reference Guide.  It’s not intended to be a complete reference on the UserAccountControl attribute, but rather a quick reference for common values related to Access Rights.

It includes things like checking for password not required, password set to not expire, disabled accounts, and smart card required.

Windows File System Permissions

Tags: , , ,

Here’s a link to our Windows File System Permissions Quick Reference guide.  It gives you the permissions as labelled in the Windows Security dialog and then lists how that permission affects both folders and files.  In most cases, permissions are applied slightly differently depending on whether the object is a file or folder.

Continuous Audit

Tags: , ,

In this article from CFO magazine, the author discusses the value of Continuous Audit.  He tells the story of Harrah’s Entertainment and their 24×7 approach to audit.  One interesting quote:

Increasingly, though, individual practitioners see the cutting edge as auditing 100% of data relating to transactions, processes, policies, or whatever else is to be audited, rather than reviewing small samplings at longer intervals, as many organizations still do

You might be thinking easier said than done.  But getting back to the original point, with Continuous Audit, 100% sample is actually easily accomplished because every relevant event can be parsed through a policy filter and flagged when appropriate.

NetVision has recognized the value of Continuous Audit for more than a decade.  We believe there are two sides to an effective audit program – (1) current state assessment and (2) real-time monitoring.  And we hear from our customers that (like Harrah’s) they see real value in including real-time monitoring.  Putting Continuous Audit in place makes compliance audits move quicker and cost less.  …not to mention the obvious benefits to security.

© 2009 NetVision Company Blog. All Rights Reserved.

This blog is powered by Wordpress and Magatheme by Bryan Helmig.