Active Directory - Audit Program and Testing Procedures

This audit program is designed to help audit, risk and security professionals facilitate the review of the Active Directory control environment. This audit program will help you identify any inherent risks, minimize exposure to such risks, ensure that necessary controls are in place and operate effectively, and ascertain reliability of the Active Directory.

This audit program is based on the latest auditing standards. It contains a comprehensive listing of control objectives and recommended controls to meet the objectives; interview topic recommendations and control documentation recommendations. It also contains detailed testing procedures, rather than generic descriptions of the controls & the tests to be performed. You'll receive step-by-step instructions on extracting information from the system in support of individual control activities.

*NOTE* See below for more details. Also, use "preview" icon to take a look inside (view a part of the audit program) to ensure it's right for you.

Audit Programs

This audit program covers all principal process areas in IT and provides a solid framework for assessing a wide array of key internal controls in Active Directory (47 controls) that form a foundation of a well managed and secure system.

Control framework overview:

Batch & online processing - controls to ensure that operations around scheduling (i.e. Task Scheduler Wizard, Windows AT Job Scheduler), performance, and monitoring of IT programs and processes in Active Directory are adequately supervised to ensure complete, accurate, and valid processing and recording of information.

Backup and recovery - controls to ensure that Active Directory data is appropriately managed during the update and storage process to ensure it remains complete, accurate, and valid.

Physical security - controls to ensure that adequate physical security mechanisms are in place and operate effectively (access to the building & immediate surroundings of computer equipment, etc.).

Logical security - controls to ensure that system security settings in Active Directory are adequately configured and appropriately safeguarded to protect against unauthorized modifications that may result in inaccurate, or invalid processing or recording of information:

Passwords parameters for the Active Directory domain & any relevant OUs (i.e. Default Domain Policy) or similar authentication mechanisms in Active Directory
Active Directory security settings (group & domain security option settings, audit policy settings, event log settings, etc.)
User access privileges in Active Directory (new access, removal of users, segregation of duties, privileged access, etc.)
Security patches & fixes applied to prevent exploitation of known security vulnerabilities
Access restriction mechanisms for critical Windows system files and data files in Active Directory (file shares, etc.) and much more.

Change management & control - controls to ensure that network and communication software is acquired, developed or modified, implemented, and managed in a manner that supports accurate, complete, and valid processing and recording of information.

Everything has been conveniently pre-documented with fill-in fields for company-specific information (entity name, date, data extracted from the system, etc.) which will allow you to proceed with your assessment immediately.

Please refer to the "preview" icon above to take a look inside (view a part of the audit program) to ensure it's right for you.

Price: $35.00 (Instant Download)