System and Security Audit Log No: XYZ
Auditor Name:
Audit Date: DD/MM/YY
Candidate Name
Assessor Name Khudda Dad
Qualification Diploma in Professional Competence for IT
Unit Title (Unit No) Security of ICT systems (307) Level 3
Aims To complete a basic IT System and Security Audit
I found this task easy/medium/hard because
Feedback from
Learner
Things I liked about this task were
Things I disliked about this task were
<Briefly what did your learn>
Tutor/ Assessor
Feedback to See Online Feedback
Learner
Student I certify that the work submitted for this assignment is my own and research sources
Declaration are fully acknowledged
Student Signature:
Date Submitted:
DD/MM/YY
Page 1
System and Security Audit Log No: XYZ
Number
1
Vulnerability
Do you or your staff work remotely and connect via Remote
desktop (not through a VPN) or other remote access software (e.g.
TeamViewer or LogMeIn?)
2
Do your computers have a password to login as well as password
login after screen saver is activated?
3
Do you have all your users in security groups for assigning
permissions to file and folder access?
Are the passwords for all your computers and cloud services strong
with at least 8 characters complex & changed at least every
quarter?
4
5
6
7
8
9
10
11
12
Auditor Name:
Yes
No
Audit Date: DD/MM/YY
Don't
Know
Action XYZ required by manager XYZ by
DD/MM/YY
Do you remove all old/unused/unnecessary user accounts from
your server and cloud services?
Have the default admin passwords been changed on your routers,
servers etc.?
Are there any open ports in your firewall?
Do you have a 2nd Generation firewall - Rate-based filter?
Is your wireless password strong (using WPA2 with random &
complex characters)?
Do you have both an onsite and offsite backup of your data?
Do you have a disaster recovery plan and has it been simulated
within past 24 months?
Do you have Snapshot backups where you can revert back to
previous versions of a file?
Page 2
System and Security Audit Log No: XYZ
Workstation Identification
System Resources
Installed Physical Memory (RAM)
System Information file name
Number of hard drives
Number of USB ports
Item
/
Publisher
Operating
system
/
Microsoft
Configuration
details
Standard/custom
Windows
Professional
Standard
Google Chrome
Software
application1
/
Google
Auditor Name:
Audit Date: DD/MM/YY
Processor Intel(R) Core(TM) i5-4210U CPU @ 1.70GHz, 2401 Mhz, 2 Core(s), 4 Logical Processor(s)
4.00 GB
“System Information Log No XYZ”
1 drive, not encrypted
3 USB ports, none disabled
Software
Version
6.1
Serial
number
55041-008141416486805
47.0.2526.1 N/A
06
License
checked
Updates
Available
Checked legal
2 important
updates
available
1 gigahertz (GHz) or faster 32-bit (x86) or 64-bit (x64) processor.
31 optional
updates
available
Browser plug
in are up to
date
DirectX 9 graphics device with WDDM 1.0 or higher driver.
Checked –
legal
Minimum system requirements
1 gigabyte (GB) RAM (32-bit) or 2 GB RAM (64-bit)
16 GB available hard disk space (32-bit) or 20 GB (64-bit)
Windows XP Service Pack 2+, Windows Vista, Windows 7, Windows 8
or Windows 10.
Note: Support for Windows XP and Vista will end soon.
An Intel Pentium 4 processor or later that’s SSE2 capable.
350 MB of free disk space.
512 MB of RAM.
Software
Application N
/
Page 3
System and Security Audit Log No: XYZ
Auditor Name:
Audit Date: DD/MM/YY
Backup has not been done hence created backup and restore point:
Restore point called XYZ1 created on DD1/MM1/YY1, XYZ2 created on DD2/MM2/YY2…..
<Insert screenshots of that here>
Windows Update Checked:
<Insert screenshots of that here>
Installed any update
<Insert screenshots of that here>
Default Browser is XYZ and its security setting is XYZ
<Insert screenshots of that here>
Use Reliability Monitor (perfmon /rel) to check system issues
<Insert screenshots of that here>
Chrome crashed on the 29th October
java errors
Windows did not shut down correctly on 28/8/15 15:17
MS word stopped responding on 6/10/15 10:26
Page 4
System and Security Audit Log No: XYZ
Auditor Name:
Audit Date: DD/MM/YY
Antivirus software configuration details/any problems encountered during virus scan of the system:
<Insert screenshots of that here>
No antivirus found in action centre
Windows defender scanned the system and discovered no spyware
<Insert screenshots of that here>
PC Status: protected
Scan completed on 45308 items with 0 threats
<Insert screenshots of that here>
Real time protection: on
<Insert screenshots of that here>
Virus and spyware definitions: up to date
<Insert screenshots of that here>
Number of standard user accounts created?
Number of Administration user accounts created?
Number of standard user accounts disabled?
Number of Administration user accounts disabled?
<Insert screenshots of accounts here>
-
Page 5
System and Security Audit Log No: XYZ
Auditor Name:
Audit Date: DD/MM/YY
Checked guest account is disabled? Yes is disable / Was enabled hence disabled it.
Password policy and change frequency being applied?
<Insert screenshots of that here using mmclocal computer policy> ---
Password Policy Modified for better security:
<Insert screenshots of that here>
Account Lockout Policy modified for better security
<Insert screenshots of that here>
Created a standard account to use for normal use.
<Insert screenshots of newly created standard user account here>
Firewall was not enabled:
<Insert screenshots of that here>
Enabled Firewall:
<Insert screenshots of that here>
Page 6
System and Security Audit Log No: XYZ
Auditor Name:
Audit Date: DD/MM/YY
Use Msconfig to
<insert screenshot of start-up applications that are enabled>
<insert screenshot of start-up applications that you have disabled>
How are important files Backed up?
<Insert screenshots of that here>
What physical security is available Locks, CCTV…
<Insert screenshots of that here>
Internet use policy confirmed?
LastAudit scan results
<Insert screenshots of LastAudit reports first page here>
Page 7
System and Security Audit Log No: XYZ
Auditor Name:
Audit Date: DD/MM/YY
WiFi security encryption type set
<Insert screenshots of that here>
Mail filtering including SPAM active
<Insert screenshots of that here>
Checked and updated email filters
<Insert screenshots of that here>
Using Bitlocker to encrypt and password protect confidential files
<Insert screenshots of that here>
Checked switch and router default accounts are not being used.
Page 8
System and Security Audit Log No: XYZ
Auditor Name:
Audit Date: DD/MM/YY
Page 9