internal auditing, log auditing and unix auditing tools from OSM

Internal auditing rules may demand system log auditing and the use of UNIX auditing tools

 

In this document we review the way internal auditing procedures may be influenced by recent legislation on corporate governance to the extent that even system log auditing and the use of UNIX auditing tools are specified to a fine level of detail. Until the recent past, corporate officers have been allowed wide freedom in the way they implement their internal checking procedures. However, following recent legislation, external auditors and corporate officers now face harsher penalties whose consequences are such that internal auditing procedures will be stricter and that fairly low-level techniques such as log auditing and the use of UNIX auditing tools will become much more precisely defined.

Internal auditing, COSduty-SSA and the implications for log auditing and UNIX auditing tools

Recent US and European legislation (Sarbanes-Oxley in the USA and similar European Directives) has made compliance a big issue for publicly listed companies – and some private companies who conduct business with the listed sector.

The essence of the legislation is to protect the integrity of the financial information provided to the public. This is difficult to prove when privileged IT users, typically system administrators, have unlimited access rights to critical IT systems. Internal auditing teams are having to become more assiduous and their recommendations more detailed. They may well be obliged to specify mechanisms for log auditing and even penetrate the world of operating systems to dictate UNIX auditing tools.

A software product of particular value in this area is COSduty-SSA whose use can limit the unrestricted freedoms of systems administrators and audit their activity so as to prove IT services are making their full contribution to data integrity and compliance.

In addition, because of its low implementation costs and other technical advantages, COSduty-SSA can show a positive RoI, even when compliance issues are disregarded.

Some details of the functionality of COSduty-SSA

COSduty-SSA can ensure the use of privileged accounts is reduced to the absolute minimum by:

  • encapsulating the majority of privileged routines in menu/forms driven procedures
  • enforcing administrators to request privileged sessions on particular systems for particular periods of time
  • allocating only that subset of commands required to carry out a requested function
  • auditing all activity and reporting on those audit trails

In summary, COSduty-SSA is an unusual product, but one whose scope is quickly becoming more widely acknowledged as the intricacies of the measures which are required to protect corporate officers from the possible consequences of corporate governance legislation are better understood. If this area is new to you and visualising the role of products such as COSduty-SSA remains difficult, please feel free to contact OSM for relevant information at all levels. Alternatively, re-enter the COSduty-SSA web site and help yourself.

OSM is the leading independent specialist supplier of E-DSM solutions for organizations who rely on a UNIX, Linux and Windows infrastructure. Our reputation is one of delivering solutions to problems of all complexities by means of our highly competent Professional Services team. One of the most distinct advantages of OSM's products is that they are founded on a technology which allows them to be easily tailored to suit the particular needs of demanding customers. When this ease of tailorability is combined with the technical strength of our Professional Services team, the result is a level of relevant functionality that competitive suppliers appear unable to attain. When the modest cost of the products is added to the equation, it is plain that the value for money provided by OSM is very hard to beat.

Back To Home Page

(c) Copyright 2005 www.cosdutyssa.com