Visible to the public Automated IT Audit of Windows Server Access Control

TitleAutomated IT Audit of Windows Server Access Control
Publication TypeConference Paper
Year of Publication2019
AuthorsPONGSRISOMCHAI, Sutthinee, Ngamsuriyaroj, Sudsanguan
Conference Name2019 21st International Conference on Advanced Communication Technology (ICACT)
KeywordsAccess Control, access control violations, audit checklist, audit objectives, auditing, auditing processes, authorisation, automated audit tool, automated IT audit, automated process, business data processing, data breach incidents, Human Behavior, IEC standards, intrusion incidents, ISO standards, ISO/IEC 27002:2013, IT Audit, IT auditing process, Microsoft Windows, Microsoft Windows (operating systems), Object recognition, password, pubcrawl, Resiliency, Scalability, Security Audits, security controls, security policies, security weaknesses, Servers, Windows Operating System Security, Windows Server, Windows server access control, Windows server operating system

To protect sensitive information of an organization, we need to have proper access controls since several data breach incidents were happened because of broken access controls. Normally, the IT auditing process would be used to identify security weaknesses and should be able to detect any potential access control violations in advance. However, most auditing processes are done manually and not performed consistently since lots of resources are required; thus, the auditing is performed for quality assurance purposes only. This paper proposes an automated process to audit the access controls on the Windows server operating system. We define the audit checklist and use the controls defined in ISO/IEC 27002:2013 as a guideline for identifying audit objectives. In addition, an automated audit tool is developed for checking security controls against defined security policies. The results of auditing are the list of automatically generated passed and failed policies. If the auditing is done consistently and automatically, the intrusion incidents could be detected earlier and essential damages could be prevented. Eventually, it would help increase the reliability of the system.

Citation Keypongsrisomchai_automated_2019