6.1 : Auditing Operating Systems Flashcards
Auditing operating systems requires attention to:
- Standards
- Maintenance and support
- Change management
- Configuration management
- Security management
Auditor examining standards
Examine written standards to see if they are complete and up-to-date. Examine a sampling of servers and workstations to see whether they comply with the written standards.
Maintenance and support examination
The auditor should examine business records to see whether the operating systems running on servers or workstations are covered by maintenance or support contracts.
Examination of change management
Examine OS change management processes and records to see whether changes are being performed in a systematic manner.
All changes made should be requested and reviewed in advance, approved by management, and recorded.
Examine configuration management
Examine configuration management processes, tools, and recordkeeping.
Examine security management
The auditor should examine the security configuration on a sample of servers and workstations and determine whether they are hardened or resemble the manufacturer's default configuration. Also examine patch management and administrative access.