Points to address during a security audit in this scenario.

yzTyzT Member Posts: 365 ■■■□□□□□□□
Recently I started to work for a company where the security controls are close to null. For instance, since the very first day I got root access to every system, they share passwords through Skype, write them down on notebooks, most of them let the session logged when they leave, they use pirate software, passwords in clear text on scripts...

I couldn't let go this lack of security awareness, and yesterday a conversation arose and I spoke about the need to implement security controls, though they are not very convinced.. LOL!

Today speaking with the coordinator of the area, she says we should take actions against this problem. Although I'm new and do not have so much hands-on experience, for what I've seen so far, I'm the only one who know something about security in this job, after all, I'm pursuing a career in information security.

I'd like to leverage this situation to start to perform security tasks, and I thought that I could perform an internal security audit exposing the points stated above and then provide a little training about security awareness.

What else do you recommend me to look for?

Comments

Sign In or Register to comment.