Auditing and Compliance in Windows Server 2008

  

In the world of information technology, change is constant. If your IT organization is like most others, understanding the changes that occur in your environment is a pressure you have to face, and that pressure is increasing. The complexity and scale of IT environments continue to grow, and the impact of management errors and unexpected data breaches is getting worse. Society now holds organizations responsible for such incidents, so organizations have legal responsibilities to protect the information they manage.

As a result, auditing changes in the environment becomes critical. Why? Auditing provides a way to understand and manage changes in today's highly distributed, large IT environments. This article covers the common challenges faced by most organizations, the compliance and regulatory landscape for IT organizations, some of the basics of auditing, and how a comprehensive audit strategy can be improved with Microsoft System Center Operations Manager 2007 Audit Collection Services (ACS).


A glance at the news headlines reveals that data leakage has become a common problem. Many of these incidents involve litigation, financial losses, and public relations issues for the organizations responsible. Being able to explain the changes that occurred, or to identify problems quickly, is key to reducing the impact of data leakage events.

For example, suppose your organization is responsible for managing Personally Identifiable Information (PII) for a given customer base. Although there are multiple ways to protect the information contained in the systems you manage, security issues may still arise. With proper auditing, organizations can accurately identify the systems with security issues and the data that may have been lost. Without auditing, the impact of data loss can be significant, mainly because there is no way to estimate the level of harm.

So why haven't IT organizations done this? The reason is that most organizations don't fully understand the technical aspects of auditing. While senior management usually understands concepts such as backup and restore, auditing changes in the environment is inherently complex, and that message is difficult to convey. Therefore, issues related to auditing usually only emerge after a major incident has occurred. For example, although basic auditing might be enabled, if the system is not configured to audit a particular change due to lack of planning, the information will not be collected.

In addition, auditing security events has some inherent issues that IT professionals have to handle. One of the difficulties is the distribution of systems in today's large computing environments, which poses serious challenges for collection and aggregation, as changes can occur on any one system or group of systems at any given time. There is another challenge: correlation. Sometimes it is necessary to relate events on a single system and across multiple systems to one another to provide the true meaning of what is happening.

Another issue to be aware of is that auditing often crosses traditional organizational boundaries. Different organizations or team structures exist for different reasons and may not be easy to connect. Many organizations have a directory service team, a messaging infrastructure team, and a desktop team, but there may be only one security team responsible for all of these areas. Moreover, specialized security personnel within the organization may not be present at all locations. For example, a branch office typically relies on a single person or a small team to take care of all tasks, including security event log management.

Finally, the sheer volume of events is also a challenge. The amount of event logging for audited security events is much larger than the amount of data for other types of event logging. The number of events collected makes it very difficult to retain and review logs effectively. Moreover, both current and proposed regulations require that this information be retained, and therefore do nothing to reduce this burden on today's computing infrastructure.

Previously, auditing access to information could have been summed up as wanting to know and trying to be secure. Organizations and their senior management are now legally responsible for the leakage of information or the lack of proper protection, so it is important for IT administrators to be familiar with the various regulations that may apply to their environment. For global companies, the challenge is even more critical because each country has its own information and protection regulations. Some examples of existing compliance regulations are listed in Figure 1, along with some of the expectations of the IT organization.


Section 404 of the Sarbanes-Oxley Act (SOX) of 2002 recognizes the role of information systems and requires listed companies to review the internal control of financial reporting annually.

The Health Insurance Portability and Accountability Act (HIPAA) is dedicated to the security and privacy of health data; the "Security Rule" covers the administrative, physical and technical protection of this data.

eDiscovery defines the criteria for document retention and access, including determining who has access to documents and by what means.

The Federal Information Security Management Act of 2002 (FISMA) is a federal requirement that provides a comprehensive information security (INFOSEC) framework for US government systems, coordinating with various law enforcement agencies to establish control and recognition mechanisms for commercial products and software functions. Section 3544 covers the responsibilities of the organization (including IT controls).

Federal Information Processing Standards (FIPS) Publication 200 specifies the minimum security requirements for federal information and information systems and outlines the recommended usage found in NIST Special Publication (SP) 800-53. Section AU-2 (Auditable Events) of NIST SP 800-53 specifies that the information system must be able to compile audit records from multiple components into system-wide, time-correlated audit trails that can be audited by a single component, and that the organization must review the auditable events on a regular basis.

With all these legal pressures in mind, what do IT professionals need to do? IT managers and technicians need to build clear and concise scenarios and make them available to people inside and outside the organization. This includes developing a correct audit strategy, which requires prior assessment and investment. The key concept here is that auditing cannot be designed as an afterthought, as is common.

Such IT challenges can often be addressed through a combination of people, processes and technology. For auditing, it is the process. Therefore, the first step should be to master the basics in order to be able to respond to the organization's needs and requirements for compliance. We first introduce some of the basics of auditing in Windows, and then delve into the changes in Windows Server 2008 and Windows Vista®.