Typically, firms must establish a procedure guide to make sure that a computer strictly adheres to the standard security baseline and has no known vulnerabilities. The threat of attack by insiders or outsiders is real, hence the need for a procedure guide to help curb such occurrences (Stevens et al., 2020). Auditing services also support accountability and are therefore valuable to the firm's management and to its external and internal auditors. Given that any computer system can be compromised from within if surreptitious access is gained, accountability is the last resort. Below is a security audit procedure guide that the Always Fresh firm can formulate to make sure its computers abide by the standard security baselines.
To formulate an audit procedure guide for a positive image, we will first develop a step-by-step procedure that enables us to audit a positive image network infrastructure. We start by downloading MBSA from the Microsoft download site for MBSA 2.1.1 at www.microsoft.com/downloads, which ensures that the version supports positive image computers. MBSA (Microsoft Baseline Security Analyzer) is a tool that assesses the current security state of a computer against the Microsoft security recommendations (Stevens et al., 2020). The tool identifies issues with the computer, ranks them by severity, and provides a recommendation or a solution to fix each one. Lastly, the tool runs on Windows Server 2008 R2 as well as all Windows 7 platforms.
After installing MBSA, we open the application from the Start button. Once the GUI opens, we select one of three operation modes:
- Scan a computer, to scan a single computer.
- Scan multiple computers, to scan more than one computer in a single session.
- View existing security scan reports, to view the results of previous scans.
If we opt to scan more than one computer, we enter the IP addresses or domain names of the computers. If we are scanning a single computer, we enter the computer name. We then select the checkboxes for the preferred scanning options (Stevens et al., 2020), select Start scan to begin the scanning process, and review the scan results to see information about the previous scans and to decide what to do about that information.
The positive image Windows computers had a few vulnerabilities, including: no password expiration, auto-login turned on, no automatic updates, and more than two administrators on the computer. Moreover, if the baselines we find differ from the original baselines that we developed, we will know that there is an issue with the positive image computers. To address the vulnerabilities, we will use Shavlik NetChk Protect analyzers with older systems such as SQL Server and Windows 2000. We will also use Security Configuration and Analysis (SCA) (Stevens et al., 2020). The key reason for using SCA is its capacity to create templates, which is essential for comparing the baselines of different computers. SCA is also crucial because it can force the different computers to match the settings defined in a baseline. This is handy when one wants to override the existing settings or to revert to a well-known configuration. With the above procedure guide, the firm will be in a position to make sure that its computers adhere to standard security baselines.
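The four findings named above can also be spot-checked on a single computer from PowerShell. The script below is an added example, not part of the original guide, MBSA or SCA. It assumes the Windows 7 / Server 2008 R2 registry locations for Windows Update, an English-language group name (`Administrators`), and the limit of two administrators stated in the text.

```powershell
# Added example: local spot check for the four findings named in the text.
# Assumptions: Windows 7 / Server 2008 R2 registry paths, English group name.
$MaxAdmins = 2        # limit taken from the text ("more than two")
$findings  = @()

# 1. Enabled local accounts whose password never expires
$accounts = Get-WmiObject Win32_UserAccount -Filter "LocalAccount=True AND Disabled=False"
foreach ($a in $accounts) {
    if (-not $a.PasswordExpires) { $findings += "Password never expires: $($a.Name)" }
}

# 2. Automatic logon (AutoAdminLogon is a string value; "1" means enabled)
$winlogon = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$autoLogon = (Get-ItemProperty -Path $winlogon -ErrorAction SilentlyContinue).AutoAdminLogon
if ($autoLogon -eq '1') { $findings += 'Automatic logon is turned on' }

# 3. Automatic updates disabled, either by policy or by the local setting
$auPolicy = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU'
$auLocal  = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update'
$noAutoUpdate = (Get-ItemProperty -Path $auPolicy -ErrorAction SilentlyContinue).NoAutoUpdate
$auOptions    = (Get-ItemProperty -Path $auLocal  -ErrorAction SilentlyContinue).AUOptions
if ($noAutoUpdate -eq 1 -or $auOptions -eq 1) {
    $findings += 'Automatic updates are turned off'
}

# 4. Number of members in the local Administrators group
$group  = [ADSI]'WinNT://./Administrators,group'
$admins = @($group.psbase.Invoke('Members') | ForEach-Object {
    $_.GetType().InvokeMember('Name', 'GetProperty', $null, $_, $null)
})
if ($admins.Count -gt $MaxAdmins) {
    $findings += "Administrators group has $($admins.Count) members: $($admins -join ', ')"
}

# Report: an empty list means none of the four findings is present
if ($findings.Count -eq 0) { 'No deviations from the baseline found.' }
else { $findings }
```

Run it from an elevated prompt on the audited computer; the script only reads settings and changes nothing.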