Enterprise IT Governance & Management Process
- ali@fuzzywireless.com
- Mar 4, 2022
A review of the company's enterprise governance and management processes against the industry average found several areas where the company was performing well above that average (Deloitte, 2005). The key areas where the company performed well fall under the domain controller policy settings and domain account policy values. In domain controller policy settings, the company excels in:
1. Account logon events
2. Account management
3. Directory service access
4. Login events
5. Object access
6. Policy change
7. Privilege use
8. System events
Under the domain account policy values, the strength of governance and process management shows in:
1. Password length
2. Password age
3. Password history
4. Reversible password encryption
5. Password changes for machine accounts
Other areas of IT network administration and management were also evaluated, including network operating system controls, management and support arrangements, logical access controls, network strategy, network device security controls, remote access security controls, and firewall configuration controls (Deloitte, 2005). Some of the areas where further improvement is required fall under network operating system, logical access security, network device security, and firewall security.
Under network operating system, auditing of process tracking is required to establish accountability for actions performed within the system. This will ensure that program activation, indirect object access, and process exits are tracked properly, which will result in effective auditing and improved fault analysis (Deloitte, 2005). Other areas under network operating system that can be improved are remote service access rights and network services. Unnecessary remote logins should be removed to improve the security posture. Similarly, known and unknown features of network services can greatly affect the stability and security of the network operating system, so reducing unnecessary network services is important. Lastly, user accounts of the network operating system require clear mapping to network users; generic user accounts such as clusterAdmin and domainUser need to be removed. Generic user accounts compromise the accountability of network activities (Deloitte, 2005).
In the area of logical access security, it is important to prevent unlimited password guessing, which can otherwise lead to network intrusion (Deloitte, 2005). An effective logical security measure blocks the account after a certain number of incorrect password attempts; without it, the door is open to brute-force network access, compromising the security of the network.
In the remote network access area, restricting remote user logins is desirable to limit the risk of unauthorized network access through spyware while connecting remotely (Deloitte, 2005). Remote users need to be educated regularly to set up anti-virus software and a firewall when accessing the network.
In the area of firewall security, penetration testing is desirable to evaluate the effectiveness of network security; otherwise unauthorized access might go unnoticed (Deloitte, 2005). Network penetration testing by multiple service providers will gauge the effectiveness of the network firewall.
Addressing the areas identified above in network operating system, logical security, remote network access, and firewall security will establish accountability for user accounts and network changes, protect the system from external unauthorized access, and improve the network security posture. Addressing all the weak areas identified above is necessary for an efficient and secure IT infrastructure for the company. Implementing the changes will improve the network governance and management process of the IT infrastructure. It is therefore highly recommended to implement all the suggestions for efficient and secure operation, management, and governance of the enterprise network.
References
Deloitte, 2005. Final Internal Audit Report, Network and Communications.