Audits DBA currently is working on a number of audits performed by the Penn State Auditors.  One audit focuses strictly on DBA functions.  Others require assistance from DBA in addressing selected findings.  DBA, working with others in both AIS and in other administrative offices, invests a great deal of thought and effort to accomplish the best possible outcome for each finding.  DBA currently is working on these audits: 1.  Natural Security:  DBA is working with the auditors and several AIS personnel to improve both batch and online security.  DBA also is documenting policies for the Security Office that address how to standardize building Natural Security profiles for users, batch IDs, and Natural libraries.   We also will standardize how to build “links” between users, libraries, and files. 2.  Grades Audit:  As with the Natural Security audit, our goal with the Grades audit is to (1) standardize and improve how the Security Office provides access to select files in the ISIS database and (2) document policies for building future security objects.  Working with the Registrar, we also tested and placed into production a new, improved, more secure and auditable process for applying adhoc updates to the ISIS database. 3. CIDR Audit:  As with the other audits, our goal is to ensure that only those individuals and batch processes that legitimately require access to the CIDR files are granted such.  We will remove all other access.  We also are establishing a policy for managing access to the CIDR files. Audits usually take a significant amount of time to resolve, and we always seem to have other things to work on.  However, audit findings draw our attention to legitimate exposures and bad practices.  By thoroughly addressing audit findings, we inevitably improve the security of our systems.   This fact alone makes audits well worth our time and effort to resolve.

Printer friendly view