ISO 27001 audit in real-time...
1) opening meeting
Introductions
Blah blah blah
Auditor w domain experience
Key person unavailable (not a problem - business continuity)
Changes since Covid-19?
Emergency test of home-working for all staff: no major issues
Acquired another company
Sharepoint migration
Integration of previous acquisition
3) access control
Access control policy
New starters process (again)
New starter form -> ticketed
Another worksheet
Includes apps and networks 👍
Review ticket
How are creds communicated?
Password policy
Enforced via GPO
Can we look at GPO?
Outsourced to MSP
Let’s review local policy
Local policy doesn’t match GPO 😳
Attempt to change password against policy fails 👍
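The check above (is the local password policy actually what the GPO says it should be?) can be scripted rather than eyeballed. This is an added example, not something from the thread or its author; it assumes an elevated PowerShell session on a domain-joined host with the RSAT ActiveDirectory module installed.

```powershell
# Added example (not from the thread): compare the local password policy in
# force on this domain-joined host with the domain default policy that the
# GPO is expected to enforce. Assumes an elevated session and the RSAT
# ActiveDirectory module.
Import-Module ActiveDirectory

# Export the effective local security policy (secedit writes an INF file).
$inf = Join-Path $env:TEMP 'secpol-audit.inf'
secedit /export /cfg $inf /areas SECURITYPOLICY | Out-Null

# Parse the [System Access] settings we care about into a hashtable.
# Note: secedit reports MaximumPasswordAge = -1 for "never expires".
$local = @{}
foreach ($line in Get-Content $inf) {
    if ($line -match '^(MinimumPasswordAge|MaximumPasswordAge|MinimumPasswordLength|PasswordComplexity|PasswordHistorySize|LockoutBadCount)\s*=\s*(-?\d+)') {
        $local[$Matches[1]] = [int]$Matches[2]
    }
}
Remove-Item $inf -ErrorAction SilentlyContinue

# Domain default policy as stored in AD (what the GPO should be pushing).
$domain = Get-ADDefaultDomainPasswordPolicy

# Map each local setting to its domain counterpart, normalising units
# (AD stores ages as TimeSpans, secedit as whole days).
$checks = @(
    @{ Name = 'MinimumPasswordLength'; Local = $local.MinimumPasswordLength; Domain = $domain.MinPasswordLength },
    @{ Name = 'PasswordHistorySize';   Local = $local.PasswordHistorySize;   Domain = $domain.PasswordHistoryCount },
    @{ Name = 'MaximumPasswordAge';    Local = $local.MaximumPasswordAge;    Domain = [int]$domain.MaxPasswordAge.TotalDays },
    @{ Name = 'MinimumPasswordAge';    Local = $local.MinimumPasswordAge;    Domain = [int]$domain.MinPasswordAge.TotalDays },
    @{ Name = 'PasswordComplexity';    Local = $local.PasswordComplexity;    Domain = [int]$domain.ComplexityEnabled },
    @{ Name = 'LockoutBadCount';       Local = $local.LockoutBadCount;       Domain = $domain.LockoutThreshold }
)

# One line per setting; any MISMATCH is the finding the auditor wants to see.
foreach ($c in $checks) {
    $status = if ($c.Local -eq $c.Domain) { 'OK' } else { 'MISMATCH' }
    '{0,-22} local={1,-4} domain={2,-4} {3}' -f $c.Name, $c.Local, $c.Domain, $status
}

# Fine-grained password policies (PSOs) override the default for their
# targets; list them so a mismatch is not misread as a broken GPO.
Get-ADFineGrainedPasswordPolicy -Filter * |
    Select-Object Name, Precedence, MinPasswordLength, PasswordHistoryCount, AppliesTo
```

A MISMATCH row is the evidence to keep alongside the manual "try to set a weak password" test, since the latter only shows which policy wins, not where the two diverge.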
Regular review of access rights
Process for non-AD accounts
Not IT responsibility -> application owner/admin
Control of domain admins
Logging and MFA
Review of domain admins
Generic MSP acct being replaced with named individuals
Leavers form
Compare w AD
Disabled 😅
Break for lunch 😋
You can follow @tjcmorgan.