Importance of Internal Company Security and Auditing Controls
This section discuses several categories of Internal Company Security and Auditing Controls. Included is a discussion on the general importance and purpose of having these controls in place and their relevance to protecting the internal and external infrastructure by the information technology department. It is important to understand that the control of every aspect of the network infrastructure (out to the client side) is very important, and the lack of such controls by the company or the information technology department could be catastrophic
General Internal Company Security and Auditing Controls
General Internal Company
Security and Auditing Controls are being applied today so that companies can have a standard approach to bring together different opinions and ideas. These Internal Controls are generally brought together by a consortium of management and other personnel to achieve objectives by the company. Internal Controls allows companies to maintain several of the following areas:• Efficiency of operations.• Compliance with laws and regulations. Several documents have also been released to suggest ideas about Internal Company Security and Auditing Controls:• Company controls should be built into operations currently in place.• All departments and personnel within a company have input to Company Controls.Company and Internal Controls help to govern companies currently operating. According to policies of a higher education facility, companies should have a continuous program in place to put together and assemble training and implementation through several avenues:Risk Assessment• The identification of key weaknesses in computer systems, nodes on a network, clients, connectivity and training.Security Control Activities• Policies and Procedures that ensure all levels of the company are within compliance with standards set by the company.• Activities include hierarchal structure, authorization, implementation, disaster recovery and planning.Information and Communication• Information from vendors is archived.• Information from customers (clients) is logged.• Communication along internal paths of the company to insure all areas of protection are available.Monitoring/Auditing• Assessment of hardware firewall.• Assessment of Software Patches and Service Packs.• Management of all personnel.• Auditing of logs and change orders.• Monitoring of performance of all nodes on the network.• Monitoring of security alert sites of government and for profit sites. The research paper at this point has focused on the
importance and makeup of generalized Internal Company Security and Auditing Controls. Weaknesses in this structure follow:• Communication• Poor or lack of judgment• Lack of training• Lack of concern• Disgruntled employees• Lack of review• Lack of training
It is up to management at all levels to monitor company security and auditing controls.