Publication: Automated IT Audit of Windows Server Access Control
Issued Date
2019-04-29
Resource Type
ISSN
17389445
Other identifier(s)
2-s2.0-85065666524
Rights
Mahidol University
Rights Holder(s)
SCOPUS
Bibliographic Citation
International Conference on Advanced Communication Technology, ICACT. Vol.2019-February, (2019), 539-544
Suggested Citation
Sutthinee Pongsrisomchai, Sudsanguan Ngamsuriyaroj Automated IT Audit of Windows Server Access Control. International Conference on Advanced Communication Technology, ICACT. Vol.2019-February, (2019), 539-544. doi:10.23919/ICACT.2019.8701931 Retrieved from: https://repository.li.mahidol.ac.th/handle/20.500.14594/50850
Research Projects
Organizational Units
Authors
Journal Issue
Thesis
Title
Automated IT Audit of Windows Server Access Control
Other Contributor(s)
Abstract
© 2019 Global IT Research Institute (GIRI). To protect sensitive information of an organization, we need to have proper access controls since several data breach incidents were happened because of broken access controls. Normally, the IT auditing process would be used to identify security weaknesses and should be able to detect any potential access control violations in advance. However, most auditing processes are done manually and not performed consistently since lots of resources are required; thus, the auditing is performed for quality assurance purposes only. This paper proposes an automated process to audit the access controls on the Windows server operating system. We define the audit checklist and use the controls defined in ISO/IEC 27002:2013 as a guideline for identifying audit objectives. In addition, an automated audit tool is developed for checking security controls against defined security policies. The results of auditing are the list of automatically generated passed and failed policies. If the auditing is done consistently and automatically, the intrusion incidents could be detected earlier and essential damages could be prevented. Eventually, it would help increase the reliability of the system.