Auditing a server
Answer:
The Active Directory of a server is related to the control A.9 Access control, so you will need to review the security policy of the AD, from which, as you know, you can establish the complexity of the password, length, etc.
The backups are related to the control A.12.3.1 Information backup, and you can review the frequency of backups, planning of the backups and restores, etc.
The change management is related to the control A.12.1.2 Change management, and basically you can review the systematic process for the changes (request for change, approval of the change, etc.) related to the server (updates, patches, installation of new software, etc.).
It is also important that you perform an internal audit primarily against the requirements from your own documentation.
By the way, this article can be interesting for you: "How to make an Internal Audit checklist for ISO 27001 / ISO 22301": https://advisera.com/27001academy/knowledgebase/how-to-make-an-internal-audit-checklist-for-iso-27001-iso-22301/
Finally, our online course can also be interesting for you because we give detailed information about how to perform the internal audit: "ISO 27001:2013 Internal Auditor Course": https://advisera.com/training/iso-27001-internal-auditor-course/
May 18, 2016