Application Security – IT Audit Applications for ACL

 2011-10-01

IT security restricts access to the computer environment, but it is the enforcement of application security that prevents users from exceeding their limits of authorisation. Furthermore, it is the organisation’s approach to, and enforcement of, segregation of duties that minimises the risk of fraud. There are, however, additional elements of application security which can be monitored by ACL.

For example, comparing users’ last logon dates to their dates of termination highlights unauthorised access. Detecting multiple logons from the same user ID would be indicative of account sharing. Analysis could extend to comparing application access, network logs and IT asset records to identify logins from computers that are not assigned to a user. It might also extend to comparing holiday dates to access logs to highlight unusual activity. Analysis of failed access attempts from key accounts and users may also be of interest, as may the identification of suspicious patterns of password activity: for example, multiple users with the same password, users who consistently change passwords at the same time, or users who frequently perform a reset.

  • Compare employee termination date to last login date for user ID
  • Analyse IDs with last login date over a specified threshold
  • Extract IDs where the date of last password change exceeds security standards
  • Identify concurrent logins of the same ID
  • Join application access records to network logs and IT asset records to identify logins from a computer not assigned to the user
  • Analyse patterns of failed access attempts to powerful accounts or key users (CEO, CFO, Payroll manager, etc.)
  • Compare vacation records from HR to user access
  • Identify suspicious password patterns
    • Multiple users with the same password or encrypted password
    • Users who consistently change passwords at the same time
    • Frequent password resets
  • Compare user logins to physical security badge scanning systems and/or remote access logs
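Three of the tests listed above (termination date against last login, concurrent logins of the same ID, and logins from a computer not assigned to the user), sketched in Python as an added example. It is not ACL script and not code from the original page. The record layouts, user IDs, host names and dates are constructed assumptions.

```python
from datetime import date, datetime

# Constructed sample records; every ID, host name and date is an assumption.
HR = {"asmith": date(2011, 6, 30), "bjones": None, "cwong": None}  # termination dates
ASSETS = {"asmith": "PC-014", "bjones": "PC-022", "cwong": "PC-031"}  # assigned computer
SESSIONS = [  # (user_id, host, login, logout) from the application access log
    ("asmith", "PC-014", "2011-07-04 09:12", "2011-07-04 09:40"),
    ("bjones", "PC-022", "2011-07-04 08:55", "2011-07-04 17:05"),
    ("bjones", "PC-031", "2011-07-04 13:10", "2011-07-04 13:45"),
    ("cwong", "PC-031", "2011-07-04 09:00", "2011-07-04 12:30"),
]

def _ts(text):
    return datetime.strptime(text, "%Y-%m-%d %H:%M")

def logins_after_termination(hr, sessions):
    """IDs whose last login date is later than the HR termination date."""
    last = {}
    for user, _host, login, _logout in sessions:
        last[user] = max(last.get(user, datetime.min), _ts(login))
    return sorted(u for u, t in last.items() if hr.get(u) and t.date() > hr[u])

def concurrent_logins(sessions):
    """(user, earlier_host, later_host) for sessions of one ID that overlap in time."""
    by_user = {}
    for user, host, login, logout in sessions:
        by_user.setdefault(user, []).append((_ts(login), _ts(logout), host))
    hits = []
    for user, rows in sorted(by_user.items()):
        rows.sort()
        end, end_host = rows[0][1], rows[0][2]  # latest logout seen so far
        for start, stop, host in rows[1:]:
            if start < end:  # new session began before an earlier one closed
                hits.append((user, end_host, host))
            if stop > end:
                end, end_host = stop, host
    return hits

def unassigned_computer_logins(assets, sessions):
    """(user, host) where the login host is not the computer assigned to that user."""
    return [(u, h) for u, h, _i, _o in sessions if assets.get(u) != h]

if __name__ == "__main__":
    print("Login after termination:", logins_after_termination(HR, SESSIONS))
    print("Concurrent logins:", concurrent_logins(SESSIONS))
    print("Unassigned computer:", unassigned_computer_logins(ASSETS, SESSIONS))
```

Each hit is an exception to follow up, not proof of misuse: a shared or pooled computer, for instance, will appear in the third test until the asset records reflect it.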

A powerful tool, ACL can be used to analyse IT system security, segregation of duties, and application controls. There are no limits to what can be achieved.

Saturday, October 1, 2011 In: Hot Topics