Questions tagged [audit]
For questions about the assessment of software, hardware, systems, people, processes, procedures, projects, etc, that are somehow related to the security of an organization or product. Often these are related to a certification the organization or product holds, or looking for tools or processes for performing an audit.
459
questions
14
votes
3
answers
12k
views
PostgreSQL Security Audit
Could anyone provide a good resource or check-list for a security review of PostgreSQL?
9
votes
4
answers
2k
views
What is an appropriate auditing standard for a law firm?
I'm an IT Admin at a law firm. We handle sensitive customer data and some health records. I'd really like to have an outside consultant assess our data security practices, but I'm not sure what to ask ...
11
votes
6
answers
22k
views
Automated tools for Cisco IOS config auditing? [closed]
Are there any automated tools for auditing config files exported from Cisco IOS devices? Free/Open Source is always nice, but anything that does the job would be of interest.
7
votes
2
answers
1k
views
What a programmer should know before their web service's client audit
Situation: I have created a WS client (.net wcf) for the customer that access a third party web service (Websphere). This WS uses HTTPS and I get a certificate from WS vendor. All works fine, I have ...
14
votes
5
answers
2k
views
How to get into RFID auditing?
I would like to get more knowledge around RFID-systems auditing.
Does anyone have a basic guide step-by-step which I can use to set up a lab with proper RFID "sniffing" equipment?
I would like to ...
7
votes
4
answers
1k
views
Firewall Reviews - What is in your Toolbox?
In the vein of the questions about forensics, I'd be interested to hear what tools/techniques people use on Firewall reviews, both in terms of periodic reviews as an auditor or consultant, or ...
6
votes
3
answers
775
views
Are Windows security updates audited?
An IT guy said that in his company, the Windows updates (small security updates that are downloaded automatically by the Windows autoupdate) are checked by the auditor. ie: the auditor checks if every ...
7
votes
1
answer
507
views
Are NTFS Alternate File Streams considered a security risk in your organisation; how is it mitigated?
Alternate File Streams allows a user to embed hidden content within any NTFS file. That file can be a TXT file, or MOV for example. Some may consider this a form of steganography, and therefore the ...
6
votes
1
answer
359
views
What are the resources that an auditor would need to access in read mode?
Here a more concrete question:
I am interested in documentation for an External Security Audit for ERP applications.
What are the types of External Security Audit for ERP applications?
What types ...