UTILIZING ENTERPRISE RISK MANAGEMENT
I find that adopting and using the enterprise risk management strategy in the company is best as it helps to find the deep organization functions and its assets. Installing this will help to identify the domains that need to be included in the scope of the internal audit and also the way forward once they have been identified and addressed. Also, through this means, it will enable the organization to create a strategy that would restructure the initial efforts of internal auditing enabling it to focus on the more critical issues affecting its operations from the top down to the bottom. Additionally, enterprise risk management helps to ease the means of identifying which assets are most vulnerable to exploitation. To the internal auditing team, the enterprise risk management strategy will help them to concentrate on the high-risk areas and manage their resources cost-effectively (Egede, 2018).
Traditionally, windows 2012 R2 server can be audited traditionally through initially installed policies on the computer. Conducting an audit this way may be cost-effective, but you will end up going through more files that you had no intention of going over to. However, with advanced audit policies, it will guide you to a more specific type of activity to audit. The advanced feature will make it easier for the auditor to come up with an audit plan to help assess the status of the server. Such would involve the plan to audit account logins to determine the validity of the logged in credentials, audit account management operations for any changes to the several accounts and access to the active directory together with its function. Also, the plan would involve logon/ logoff account activity and the access to files, folders, and registry (Thomas, 2014).
References
Egede, I. (2018, August 31). Top 5 best practices for a cost-effective internal audit. Retrieved from Infosec: https://resources.infosecinstitute.com/top-5-best-practices-for-a-cost-effective-internal-audit/#gref
Thomas, O., (2014, February 06). Administering Windows Server 2012 R2: Monitoring and Auditing. Retrieved from Microsoft Press Store: https://www.microsoftpressstore.com/articles/article.aspx?p=2217266&seqNum=3