I haven't posted in a few weeks but after a few recent meetings, I felt it would be a good idea to start a discussion on user auditing. Most organizations have some form of user directory or white pages where one can find another user's department, contact information and perhaps some other basic information. However, the clients I met with were struggling to display more detailed information regarding an individual's group memberships, access permissions, and folder permissions.
This type of information may be more detailed than most user's would need to regularly see, but it can be very important for auditing, compliancy and risk management standards. How easy is it for you to locate someone's folder permissions or even more, to see how this might have changed over time? Understanding this information will give you much better control over your IT security policy, but will also give you an upper hand when it comes to meeting regulations covered under SOX, HIPAA, etc.
With these changes and especially in this era of increased network attack and data breaches, it is crucial for an organization to report and follow on:
- a list of requests and changes in the total time period x.
- an overview of the group membership (and per user).
- an overview of NTFS permissions (and per user).
- an overview of the accounts that have not logged more than 30 days.
- an overview of the disabled or blocked accounts.
- the number of requests for a particular function or for a particular department.
- the number of outstanding requests.
- the average handling period
A solution such as Tools4ever's User Management Resource Administrator (UMRA) can easily assist you in these areas. UMRA automatically records management operations and changes to accounts and permissions. This detailed data is then readily available for later audit and reporting purposes. This type of solution can also provide you export functionality; reports that can be generated in a variety of different formats. This means that companies, at any moment, have insight into the processes involved and whether that they comply with security policies and regulations governing and law.
For more information, please visit: http://www.tools4ever.com/solutions/audit-compliance/