Tyu-Gkgjgj

Only available on StudyMode
  • Download(s) : 49
  • Published : February 17, 2013
Open Document
Text Preview
SYMBIOSIS CENTRE FOR INFORMATION TECHNOLOGY

-------------------------------------------------
IT INFRASTRUCTURE
-------------------------------------------------
AUDITING REPORT
-------------------------------------------------

-------------------------------------------------
Submitted By:-
-------------------------------------------------
Division D, Group 5

Prateek Pandey 12030241206
Prerna Shriniwas Bet 12030241208
Rachna Sharma 12030241209
Rahul Vardhan Dinesh 12030241210
Rakesh R 12030241211
Ribhu Mathur 12030241212
Ritwika Naskar 12030241213
Rose Ann Boben 12030241214
TABLE OF Contents

1.Introduction4
1.1 What is IT infrastructure Audit?4
1.2 Business objectives of IT infrastructure5
1.3 Basic requirements of IT Infrastructure7
2.SITE AUDIT8
2.1Operational Procedures of Site Auditing8
2.2 Checklist for Site Auditing10
2.3 GUIDELINES FOR SITE AUDITING11
2.4 Security Aspects of Site Auditing11
3.Server Audit12
3.1 Need for Server Auditing12
3.2 Operational Procedures of Server Auditing13
3.3 Types of Server Auditing13
3.4 Actions Audited by Default or Mandatory audits14
3.5 Guidelines for Server Auditing14
3.6 Server Audit Checklist14
3.7 Checklist for server auditors16
3.8 Controls checklist for Server Audit17
3.9 Vulnerabilities in the Server Audit procedures17
3.10 Securities Aspects for Server Audit18
4.Database Audit20
4.1 Need for Database Auditing20
4.2 Operational procedures of DB Auditing21
4.3 Types of database Auditing22
4.4 Actions Audited by Default or Mandatory audits22
4.5 Guidelines for auditing23
4.6 Initial Planning23
4.7 Check list for database auditors can be as follows23
4.8 Vulnerability in the DB Audit procedures24
4.9 Controls for DB Audit25
4.10 Securities Aspects for DB Audit26
4.11 Continuity Aspects for DB Audit27
5.SECURITY AUDIT28
5.1 What is a Security Audit?28
5.2 Operational procedures of Security Auditing29
5.3 Vulnerability in the Security Audit33
5.4 Controls for Security Audit35
5.5 Risk Based IT Auditing35
5.6 Business Continuity Planning38
6.WEBSITE AUDITING40
6.1 NEED FOR WEBSITE AUDITING40
6.2 OPERATIONAL PROCEDURE OF WEBSITE AUDITING41
6.3 CHECKLISTS FOR WEBSITE AUDITORS44
6.4 VULNERABILITIES IN WEBSITE AUDITING45
6.5 SECURITY ASPECTS OF WEBSITE AUDITING45
6.6 CONTINUITY ASPECTS OF WEBSITE AUDITING45
7.Network Audit46
7.1 The key benefits of network security audits46
7.2 Types of network auditing47
7.3 Auditing Network Security48
7.4 Network Audit Checklist49
7.5 Network Vulnerabilities51
7.6 Controls52

1. Introduction
1.1 What is IT infrastructure Audit?
An IT infrastructure audit is a thorough review of your hardware, software and network to ensure your infrastructure has been well maintained and is operating effectively. It will highlight potential areas of concern as well as capabilities and limitations and can serve as a cornerstone for future planning. This audit is a useful first step for businesses looking to improve the performance of their IT systems and for businesses wanting to gain a clearer understanding of their current IT infrastructure. It is:-

* Examination of controls within an Information Technology (IT) infrastructure. * Process of collecting and evaluating evidence of an organization’s IT infrastructure. * Understanding and evaluating each control.

* Assess compliance.
* Substantiate the risk of controls not being met.
What’s included?
* A diagram of your entire network including servers, desktops, laptops and other network devices. * A comprehensive list of hardware, software and 3rd party applications running in your network. Therefore an IT infrastructure Audit should cover the following:- * Asset listing of your...
tracking img