A common question in an audit of information resources is whether or not accounts for users are being properly managed. One aspect of that is determining whether or not the accounts created are needed while another is looking for evidence that accounts for terminated users are being disabled or deleted in a timely fashion. An easy way to answer both of these questions is through the use of Active Directory queries! This screencast demonstrates exactly how to do just that.
While it's true that the information that we're looking for can be obtained directly from the Active Directory using tools like DSQuery and DSGet, in the long term I think it's far wiser to learn a little bit of basic
One of the topics that we have been discussing with organizations a great deal lately is the idea of automation in regards to continuous auditing. Said a different way, the standard audit model involves auditors making a list of audit scopes that they want to cover in the course of a year. Then, one at a time, the auditor interviews people, examines the output from technical tools, and in general manually collects audit evidence.
What if the act of evidence collection could be automated? Then it would seem that auditors could spend less time collecting data and spend more time analyzing evidence for risk. Maybe even an auditor could consider additional scopes in the course of a year if less time was being spent manually collecting such evidence.
In the next few blog posts I'd like to consider tools that could be used to assist us in automating the collection of audit evidence. Ideally we would use tools suited to this purpose, but realistically I know many of us will