Tuesday, March 1, 2011

Addressing Active Directory Auditing and Compliance challenges using ADAudit Plus


ADAudit Plus, a web-based Active Directory auditing and reporting solution, arms administrators with the most necessary reports to facilitate easy access to information and to proactively take corrective action if necessary.

Continuous Auditing http://4topauditingandaccounting.blogspot.com/

Siemens has successfully installed automated audit and monitoring solutions in various divisions and shared service centers to address controls for segregation of duties and changes to the general ledger and to monitor controls for processes such as purchase-to-pay and order-to-cash. These proof-of-concept installations have proved successful in demonstrating the capability and value of continuous controls monitoring technology. Plans are in place to expand the use of audit automation tools at Siemens to leverage common enterprise resource planning (ERP) platforms and shared service centers to improve audit and compliance. These tools are also envisioned to support other key business processes, such as operational effectiveness through monitoring, assuring process conformance, and real-time closed-loop monitoring of key business performance indicators, and to reduce travel and improve the quality of work life for the auditors and compliance personnel.

Securing and Auditing Servers


It is as simple as the diagram spells it out for you. First, document what your standard happens to be. Then, have someone independent come in, collect data on your server instances, and compare it to your standards. If any changes are necessary, you plan for them to happen, implement them, and then repeat the process again.

Detailed Auditing & Reporting

Several public and privately-owned businesses have strict auditing requirements that govern how their I.T. department manages Active Directory, as well as how other business units interact with this information. A main problem with today’s standard network management tools is the lack of reporting and auditing. Many companies require their administrators to maintain manual listings of all changes & updates made to specific information systems, such as Active Directory. Maintaining these lists manually is often very expensive, and the requirement is not strictly enforced, leaving gaps in the auditing and logging processes.

Firefox JPEG Map of Ethical Hacking Extensions

This picture shows the excellent Firefox extension pack for Ethical Hacking, Security Auditors, and System Administrators. Zoom in to view the various extensions.

New Destructive auditing

When I first entered the management system audit arena, it was common practice to measure auditor skills by the number of Non-Conformance reports they managed to raise. As an unwilling newcomer I found this a disturbing feature of a business I didn't want to be in, but interestingly my efforts to extricate myself from the audit function led to a change in the responses I got from auditees. By auditing for confirmation of satisfactory outcomes, as opposed to auditing for failure identification, the results, while not converting auditees into welcoming friends, did produce a change in attitude to a pending audit notification. Auditees came to see audits as an opportunity to discuss their work free of fear that the discussion would be used against them to further the reputation of the auditor, and gained from the experience.