This paper presents the basics of an information systems security audit through a real security audit carried out on a medium-sized organization. It was the first security audit performed on the company and serves as a security baseline for future audits; an effective security audit is not a one-time event but an ongoing process. Security is a delicate balance between protection, availability and user acceptance. We start the audit at the outside of the network and gradually work inward. We performed a vulnerability check on the externally exposed IP addresses and ports, and each vulnerability found was assessed against the organization's security policies to determine whether it constituted a violation. The organization's firewalls and its various remote access methods were also analysed. Using a wireless network sniffer, we mapped the footprint of the wireless LAN and obtained some interesting results. Finally, some sensitive managerial issues and the findings of an information security awareness survey are presented.
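The outside-in step described above, checking exposed addresses and ports and then judging each one against policy, can be mechanised. The following is an added example written for this page, not code from the paper or the audited organization: it parses a constructed nmap grepable (-oG) scan of TEST-NET-3 addresses and flags every open port that an assumed exposure policy (a host-to-allowed-ports map) does not permit, including hosts the policy does not mention at all.

```python
"""Compare externally visible ports against an exposure policy.

Added example (not from the paper): an "outside-in" check that parses
nmap grepable output (-oG) for open ports and flags each exposed service
the organisation's policy does not explicitly allow.
"""
import re
from dataclasses import dataclass

# Assumed policy format: host -> set of "port/proto" strings that may be
# reachable from the Internet. Anything else that answers is a finding.
POLICY = {
    "203.0.113.10": {"80/tcp", "443/tcp"},   # public web server
    "203.0.113.25": {"25/tcp"},              # inbound mail relay
}

# Constructed sample in nmap -oG format (addresses from TEST-NET-3).
# Field order per port entry: port/state/protocol/owner/service/rpc/version/
SAMPLE_SCAN = """\
# Nmap 7.94 scan initiated (constructed sample)
Host: 203.0.113.10 ()\tPorts: 22/open/tcp//ssh//OpenSSH 8.9/, 80/open/tcp//http///, 443/open/tcp//https///, 3306/filtered/tcp//mysql///
Host: 203.0.113.25 ()\tPorts: 25/open/tcp//smtp///, 110/open/tcp//pop3///
Host: 203.0.113.40 ()\tPorts: 3389/open/tcp//ms-wbt-server///
# Nmap done
"""


@dataclass(frozen=True)
class Finding:
    host: str
    port: str          # "port/proto"
    service: str
    reason: str


# port/state/proto//service/ ; owner is empty in unauthenticated scans
_PORT_RE = re.compile(r"(\d+)/(\w+)/(\w+)//([^/]*)/")


def parse_grepable(text):
    """Yield (host, 'port/proto', state, service) for every port entry."""
    for line in text.splitlines():
        if not line.startswith("Host:"):
            continue
        host = line.split()[1]
        _, _, ports = line.partition("Ports:")
        for port, state, proto, service in _PORT_RE.findall(ports):
            yield host, f"{port}/{proto}", state, service


def assess_exposure(scan_text, policy):
    """Return one Finding per open port the policy does not allow.

    Filtered/closed ports are ignored: only services that actually answer
    from the outside count as exposure. A host absent from the policy is
    reported on every open port, since nothing there should be reachable.
    """
    findings = []
    for host, port, state, service in parse_grepable(scan_text):
        if state != "open":
            continue
        allowed = policy.get(host)
        if allowed is None:
            findings.append(Finding(host, port, service,
                                    "host not in exposure policy"))
        elif port not in allowed:
            findings.append(Finding(host, port, service,
                                    "open port not allowed by policy"))
    return findings


if __name__ == "__main__":
    for f in assess_exposure(SAMPLE_SCAN, POLICY):
        print(f"{f.host:<14} {f.port:<9} {f.service:<14} {f.reason}")
```

On the constructed sample this reports SSH on the web server, POP3 on the mail relay and RDP on a host the policy never mentions; the filtered MySQL port is not reported because it does not answer from outside. In a real audit the policy map is the artefact to agree with the organization first, so that every finding is a documented policy violation rather than an auditor's opinion.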
Published in: Canadian Conference on Electrical and Computer Engineering, 2004 (Volume 1)
Date of Conference: 2-5 May 2004