Chapter 10. Auditing Storage > Master Checklists - Pg. 277

Resource            Website
EMC Powerlink       www.emc.com/support-training/support/emc-powerlink.htm
NetApp              www.netapp.com
NetApp NOW          now.netapp.com
HP                  www.hp.com
HP Support          welcome.hp.com/country/us/en/support_task.html
Storage Glossary    enterprisestorageforum.webopedia.com

Master Checklists

The following checklist summarizes the steps for auditing storage.

Checklist for Auditing Storage

1. Document the overall storage management architecture, including the hardware and supporting network infrastructure.
2. Obtain the software version and compare it against policy requirements.
3. Verify that policies and procedures are in place to identify when a patch is available and to evaluate and apply applicable patches. Ensure that all approved patches are installed per your policy.
4. Determine what services and features are enabled on the system and validate their necessity with the system administrator.
5. Review and evaluate procedures for creating administrative accounts and ensuring that accounts are created only when there's a legitimate business need. Also review and evaluate processes for ensuring that accounts are removed or disabled in a timely fashion in the event of termination or job change.
6. Evaluate the process and policies used for granting and revoking access to storage.
7. Evaluate how capacity is managed for the storage environment to support existing and anticipated business requirements.
8. Evaluate how performance is managed and monitored for the storage environment to support existing and anticipated business requirements.
9. Evaluate the policies, processes, and controls for data backup frequency, handling, and remote storage.
10. Verify that encryption of data-at-rest is implemented where appropriate.
11. Verify that network encryption of data-in-motion is implemented where appropriate.
12. Evaluate the low-level and technical controls in place to segregate or firewall highly sensitive data from the rest of the storage environment.
13. Review and evaluate system administrator procedures for security monitoring.
14. Perform the steps from Chapter 4, "Auditing Data Centers and Disaster Recovery," as they pertain to the system you are auditing.