The Pennsylvania State University - Administrative Information Services, a unit of Information Technology Services

• Home »
• Services »
• Applications Development »
• DBA-ES »
• Audits

Audits

DBA currently is working on a number of audits performed by the Penn State Auditors. One audit focuses strictly on DBA functions. Others require assistance from DBA in addressing select findings. DBA, working with others in both AIS and in other administrative offices, invests a great deal of thought and effort to accomplish the best possible outcome for each finding. DBA currently is working on these audits:

1. Natural Security: DBA is working with the auditors and several AIS personnel to improve both batch and online security. DBA is also documenting policies for the Security Office that address how to standardize building Natural Security profiles for users, batch IDs, and Natural libraries. We also will standardize how to build "links" between users, libraries, and files.

2. Grades Audit: As with the Natural Security audit, our goal with the Grades audit is to (1) standardize and improve how the Security Office provides access to select files in the ISIS database and (2) document policies for building future security objects. Working with the Registrar, we also tested and placed into production a new, improved, more secure and auditable process for applying adhoc updates to the ISIS database.

3. CIDR Audit: As with the other audits, our goal is to ensure that only those individuals and batch processes that legitimately require access to the CIDR files are granted such access. We will remove all other access. We also are establishing a policy for managing access to the CIDR files.

Audits usually take a significant amount of time, and we always seem to have other projects to work on. However, audit findings draw our attention to legitimate exposures and bad practices. By thoroughly addressing audit findings, we inevitably improve the security of our systems. This fact alone makes audits well worth our time and effort to resolve.

AIS News

• EIS Introduction Training

  Posted: 11/23/2009 in EIS

• Free IBISFIN Data Training

  Posted: 11/23/2009 in Data Warehouse

• DW Password Utility Changes

  Posted: 11/23/2009 in Data Warehouse

• Access 2007 Advanced Training

  Posted: 11/18/2009 in Data Warehouse

• Student DB--Changes Ethnicity Data

  Posted: 11/18/2009 in Data Warehouse

• Read More News »

ITS Alerts

• Resolved: CLC Linux Lab and Cluster Authentication issues

  Posted: Tue, 24 Nov 2009 15:05:24 EST

• ANGEL Import Wizard and Export Wizard tools to be turned off during finals week

  Posted: Tue, 24 Nov 2009 09:22:11 EST

• Breaker Testing in Telecommunications Building

  Posted: Tue, 24 Nov 2009 08:50:50 EST

• Thanksgiving Holiday Schedule Changes

  Posted: Fri, 20 Nov 2009 11:39:48 EST

• Resolved: TurnItIn Service Currently Unavailable

  Posted: Fri, 20 Nov 2009 11:28:40 EST

AIS Events

• Dec10

  Fall Grade Reporting Change Freeze Begins

• Dec12

  ANGEL Import/Export Tools to Be Turned off During Finals Week

• Jan4

  Fall Grade Reporting Change Freeze Ends

• Jan7

  Spring Registration Drop/Add Change Freeze Begins

• Jan18

  Spring Registration Drop/Add Change Freeze Ends