Windows and Active Directory IT Audit Services
Monterey Technology Group offers comprehensive and important services to the Sarbanes-Oxley 404 compliance process.
The fundamental principles of risks to availability, integrity and confidentiality are universally applicable across technologies. But Windows and related Microsoft technologies such as Active Directory are truly different than other host based operating systems and require a truly different audit methodology – especially in the scoping and evidence collection phases. The Windows environment while being highly distributed is also tightly coupled in regard to security between different systems. For instance a risk on one server (a domain controller) can expose other servers (such as financial application servers) to the same vulnerability. Such is the complexity of the Windows environment that an audit of single server never sufficiently covers an entire application area – financially significant or otherwise. But when faced with finite resources and schedule yet hundreds or thousands of servers how do you determine which ones to examine and which to scope out of your effort? Given the differing roles of Windows servers and the topology of an Active Directory implementation some servers may be critical to the applications or business processes in the scope of your audit and others inconsequential. Therefore simple sampling techniques are inadequate unless roles and AD structure are factored into the selection process. You must be able to document the Active Directory structure and thereby identify the coupled risks and dependencies that arise in connection with trust relationships and other Active directory constructs such as forests, domains, organizational units and group policy objects.
Is it time to perform a pre or post-implementation audit of Windows 2000, Windows Server 2003 or Active Directory? Do you see the need for some subject matter expertise to augment your internal capability? Or do you require turnkey audit services for Microsoft technology? Do you want to ensure your findings stand up to the scrutiny and challenges of your IT department’s technical specialists?
Monterey Technology Group, Inc. has the answer. Randy Franklin Smith, CEO of Monterey Technology Group, Inc. is the leading authority on audit and control of Windows Server 2003 and Active Directory. Each year Mr. Smith trains hundreds of IT auditors from corporation, government agencies and Big 4 accounting firms to audit Microsoft technologies through MIS Training Institute where he the course developer and primary instructor for the Windows and related technologies audit curriculum. Click here for Mr. Smith’s bio.
Randy Franklin Smith can perform on your entire Windows or Active Directory audit project or you can access his subject matter expertise on as-needed basis throughout your project. This includes assistance with your Sarbanes-Oxley 404 compliance process and your Sarbanes-Oxley 404 compliance planning. We have also developed a co-sourcing audit methodology designed to let you leverage Randy’s expertise and while reaping knowledge transfer to your own internal staff at the same time. To learn more about this high value, budget friendly co-sourcing option as well as other consulting options click here (service options page).
We also invite you to visit Windows Audit Help you’ll find practice aids and free resources designed by Randy Franklin Smith. Monterey Technology Group, Inc. provides the Windows Audit Help web-site as a service to the IT Audit community. Many IT auditors have used Windows Audit Help resources to enhance the value and performance of their Windows and Active Directory audit projects. When you need additional help Randy Franklin Smith and the rest of Monterey Technology Group, Inc. are here to assist.
