> My organization is performing an audit on a LAN connected to a WAN.
> Does anybody out there have an audit procedure in place to audit a WAN
> (i.e. Security, Performance, Configuration ...)

We were recently audited by the federal OCC Bank examiners for
Information Systems. Their audit process was to cover LAN/WAN for
our subsidiary unit. PART of this process included a 15-20 page
list of questions on WAN and information security policies and
enforcement. At no time was there interest in what technology was
used for anything. Basically, is there a policy for xyz?, is it

This was a high level audit, but understand that it was completely
dependent on our own internal policies and procedures, combined
with federal and state requirements for banking security. I'm sure
that any audit for your environment must be directed to a different
set of requirements. And this is probably true for many folks.

On the other hand, our internal auditors do do in-depth technical
audits of the technology we use to enforce client-server policies.
Unfortunately, they purchased a cookbook checklist for Unix systems
that was out of date in the first hour they got it, and more than
half the items were meaningless to our environment. If your auditors
aren't up to date on the latest security aspects and technology, no
cookbook checklist is going to help.

Catherine Fulmer
http://www.waterw.com/~manowar
PNC Bank (Phila, PA, US)
Voice: 610-521-7828
Fax: 610-521-7980
My words are mine, and don't reflect the views of my employer.