Periodic System and Network Configuration Audits

One day, an Internet watchdog group told a System Manager that one of her systems was sending out a lot of unsolicited email. After she investigated, she found that a system, installed by a key employee, was being used to send those emails from within the company. Nobody knew that this system was installed in the server room, and there was no record of the server belonging to a project. After further investigation, she found that the server had been installed two years earlier, and it even had its own registered domain name.

To prevent something like this from happening again, the manager started to perform quarterly configuration audits. Yes, the company had a configuration management plan, but it did ...
