MSI :: State of Security

Insight from the Information Security Experts

Tag Archives: Account Audit

Challenges Auditing Authentication Mechanisms in Organizations

Posted on January 10, 2023 by Brent Huston

Authentication mechanisms are essential for organizations to protect their data and systems from unauthorized access. However, auditing these authentication mechanisms can be a challenge due to the complexity of the systems and the ever-evolving nature of cyber threats. This blog post will explore some of the challenges associated with auditing authentication mechanisms in organizations.

Challenges

1. Disparate Authentication Practices – As an auditor, you’re likely to come across a variety of authentication practices that can be difficult to manage. From different passwords to separate systems, disparate authentication requirements can be a major roadblock when auditing authentication mechanisms. To help reduce this challenge, organizations should establish strong identity and access management policies and ensure compliance with relevant regulations.

2. Staffing and Evidence Collection – The challenge of finding and retaining qualified staff who are knowledgeable and experienced in auditing authentication mechanisms is a common issue. Additionally, effective evidence collection is essential to successful audits, yet ensuring that meaningful data is gathered efficiently can be difficult.

3. Internal Controls – Auditors must ensure that the controls in place are sufficient to reduce risks associated with authentication processes. Weak access controls can lead to costly mistakes, potentially risking the organization’s data. Auditors should take the time to develop a detailed understanding of the organization’s internal controls and audit them on a regular basis against up-to-date and relevant threat models.

TL;DR

This article discusses the challenges associated with auditing authentication mechanisms in organizations. It highlights three main issues: disparate authentication practices, staffing and evidence collection, and internal controls. Organizations should establish strong identity and access management policies to reduce the challenge of disparate authentication practices. Additionally, finding qualified staff and collecting meaningful evidence can be difficult tasks for auditors. Lastly, auditors must ensure that internal controls are sufficient to reduce risks associated with authentication processes.

PS – If you are performing such an audit, make sure you are checking your current practices against international standards, regulatory requirements, privacy rules, and best-practice audit controls. Ensure that you are taking the essential steps to protect digital identity, providing strong access control policies and user controls. Review the logging and event detection capabilities, and ensure that both unauthorized access attempts and successful authentications are properly monitored, so that the records are available for forensic analysis if you need to respond to a security breach or other incident.
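The postscript asks auditors to confirm that both failed and successful authentications are logged and monitored. The following added example (not code from the original post or from MicroSolved) shows the kind of check an auditor can run over an authentication log export to confirm both event types are present and to surface a pattern that needs a look: a successful login that immediately follows a burst of failures for the same account. The log lines and their `user=/result=/src=` format are constructed for the example; a real export would need a matching parser.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample authentication log (not from the original post).
# Assumed line format: "<ISO timestamp> auth user=<name> result=<success|failure> src=<ip>"
SAMPLE_LOG = """\
2023-01-09T08:00:01 auth user=alice result=success src=10.0.0.5
2023-01-09T08:05:10 auth user=bob result=failure src=10.0.0.9
2023-01-09T08:05:12 auth user=bob result=failure src=10.0.0.9
2023-01-09T08:05:15 auth user=bob result=failure src=10.0.0.9
2023-01-09T08:05:20 auth user=bob result=success src=10.0.0.9
2023-01-09T22:30:00 auth user=carol result=success src=203.0.113.7
2023-01-09T09:15:00 auth user=dave result=failure src=10.0.0.12
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) auth user=(?P<user>\S+) "
    r"result=(?P<result>success|failure) src=(?P<src>\S+)$"
)


def parse_events(text):
    """Parse log text into a time-ordered list of event dicts.

    Lines that do not match the expected format are skipped; an audit
    would normally count those too, since gaps in parsing hide evidence.
    """
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        events.append({
            "ts": datetime.fromisoformat(m["ts"]),
            "user": m["user"],
            "result": m["result"],
            "src": m["src"],
        })
    events.sort(key=lambda e: e["ts"])
    return events


def analyze_auth_events(text, failure_threshold=3, window=timedelta(minutes=10)):
    """Return per-user success/failure counts and a list of alerts.

    An alert is raised when a successful login follows at least
    `failure_threshold` failures for the same account within `window`.
    The counts double as evidence that both event types are being logged.
    """
    events = parse_events(text)
    counts = defaultdict(lambda: {"success": 0, "failure": 0})
    recent_failures = defaultdict(list)
    alerts = []
    for e in events:
        user = e["user"]
        counts[user][e["result"]] += 1
        if e["result"] == "failure":
            recent_failures[user].append(e["ts"])
            continue
        # A success: look back at this user's failures inside the window.
        fails = [t for t in recent_failures[user] if e["ts"] - t <= window]
        if len(fails) >= failure_threshold:
            alerts.append(
                f"{user}: success from {e['src']} after {len(fails)} "
                f"failures within {window}"
            )
        recent_failures[user] = []  # reset after a success
    return {"counts": dict(counts), "alerts": alerts}


if __name__ == "__main__":
    report = analyze_auth_events(SAMPLE_LOG)
    for user, c in sorted(report["counts"].items()):
        print(f"{user}: {c['success']} success, {c['failure']} failure")
    for alert in report["alerts"]:
        print("ALERT", alert)
```

If the counts show failures but never a success for any user (or the reverse), that is itself an audit finding: one side of the authentication picture is not reaching the log, and the forensic record the postscript calls for will be incomplete.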

PPS – If you need a process for auditing your authentication points, you can find that here.

Posted in End-user Focused, General InfoSec, Risk Management | Tagged Account Audit, audit, Authentication, detection

Now Is a Great Time to Audit Stale Accounts

Posted on December 30, 2011 by Mary Rose Maguire

Out with the old, in with the new!

As we wrap up another year, now is a great time to perform an account audit of your systems, networks and applications. Accounts that belong to staff members who may have left the organization are a primary focus for this process. Begin by inspecting your primary data store or identity tree against a current list of employees from HR. If you find accounts for people not on the list, then flag those accounts for investigation.

Likely, you will discover accounts for people who have left your organization or for services that are no longer needed. These accounts should be disabled and removed as soon as possible. Many organizations argue against these audits because they claim that they have controls in place for employee terminations. While this may be true, a quick review of a list of departed employees should still be performed at least yearly as a control to make sure that the process is being followed.

Another area to look at along these lines is the system and application rights of folks who may have moved from one line of business or department to another. Often their accounts are misconfigured and may give them rights to data they no longer need. These should also be investigated and refined as soon as possible. Don’t forget to ensure that routers, network gear and off-site systems are included in the audit. They often house old accounts long past their prime.
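The audit described above (compare the identity store against HR’s active list, flag what doesn’t match, check for stale service accounts and for rights that no longer fit someone’s department, and include network gear) can be scripted once the exports are in hand. The following is an added example, not code from the original post or from MicroSolved. The HR roster, the account list, the department-to-group mapping and the 90-day staleness threshold are all constructed assumptions; a real run would read these from the directory and HR exports.

```python
from datetime import date, timedelta

# Constructed HR export (not from the original post): active employees only.
HR_ACTIVE = {
    "alice": {"dept": "finance"},
    "bob":   {"dept": "engineering"},   # recently moved from finance
    "carol": {"dept": "sales"},
}

# Constructed account export pulled from the directory and from network gear.
DIRECTORY_ACCOUNTS = [
    {"name": "alice", "type": "user", "source": "directory",
     "groups": {"finance-ro"}, "last_login": date(2011, 12, 20), "enabled": True},
    {"name": "bob", "type": "user", "source": "directory",
     "groups": {"finance-ro", "eng-dev"}, "last_login": date(2011, 12, 28), "enabled": True},
    {"name": "carol", "type": "user", "source": "directory",
     "groups": {"sales"}, "last_login": date(2011, 12, 29), "enabled": True},
    {"name": "dave", "type": "user", "source": "directory",
     "groups": {"eng-dev"}, "last_login": date(2011, 6, 1), "enabled": True},
    {"name": "svc-backup", "type": "service", "source": "directory",
     "groups": {"backup-ops"}, "last_login": date(2011, 3, 15), "enabled": True},
    {"name": "svc-monitor", "type": "service", "source": "directory",
     "groups": {"monitor"}, "last_login": date(2011, 12, 29), "enabled": True},
    {"name": "netadmin-old", "type": "user", "source": "core-router-1",
     "groups": {"router-admin"}, "last_login": date(2010, 11, 2), "enabled": True},
    {"name": "erin", "type": "user", "source": "directory",
     "groups": {"sales"}, "last_login": date(2011, 1, 5), "enabled": False},
]

# Assumed mapping from department to the groups its members are expected to hold.
DEPT_GROUPS = {
    "finance": {"finance-ro"},
    "engineering": {"eng-dev"},
    "sales": {"sales"},
}


def audit_accounts(accounts, hr_active, dept_groups, as_of,
                   stale_after=timedelta(days=90)):
    """Return a list of (account, source, finding, detail) tuples.

    Findings:
      orphaned-account       enabled user account with no active HR record
      stale-service-account  service account idle longer than `stale_after`
      excess-rights          groups not tied to the user's current department
    Disabled accounts are skipped; they have already been dealt with.
    """
    findings = []
    for acct in accounts:
        if not acct["enabled"]:
            continue
        name, source = acct["name"], acct["source"]
        if acct["type"] == "service":
            idle = as_of - acct["last_login"]
            if idle > stale_after:
                findings.append((name, source, "stale-service-account",
                                 f"idle {idle.days} days"))
            continue
        if name not in hr_active:
            findings.append((name, source, "orphaned-account",
                             "no active HR record"))
            continue
        dept = hr_active[name]["dept"]
        excess = acct["groups"] - dept_groups.get(dept, set())
        if excess:
            findings.append((name, source, "excess-rights",
                             f"not tied to {dept}: {sorted(excess)}"))
    return findings


if __name__ == "__main__":
    for f in audit_accounts(DIRECTORY_ACCOUNTS, HR_ACTIVE, DEPT_GROUPS,
                            as_of=date(2011, 12, 30)):
        print(" | ".join(f))
```

The department-to-group mapping is the piece that takes the most work in practice, but it is also what turns the "moved departments" check from a manual review into a repeatable control; the router entry shows why the account export has to include devices outside the directory.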

Do this and you’ll save resources for the New Year! Here’s to a prosperous and successful 2012 for you and your organization!

Posted in General InfoSec | Tagged Account Audit
