Abstract
This paper presents the basics of an information systems security audit, through a real security audit carried out on a medium-sized organization. The audit was the 1/sup st/ security audit done on the company and would serve as a security baseline for future audits. An effective security audit should not be a one-time event but rather an ongoing process. Security is a delicate balance between protection, availability and user acceptance. We start the security audit at the outside of the network and gradually work our way inward. We performed a vulnerability check on the exposed IP addresses and ports. Each of the vulnerabilities found was carefully assessed to see if it violated the security policies of the organization. An analysis of firewalls and various remote access methods of the organization were also evaluated. Using a wireless network sniffer, we found the footprints of the wireless LAN and some interesting results were obtained. Finally, some sensitive managerial issues and findings of an awareness survey of information security were presented.
Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
