Talk With an Expert

Case Study: Automating Common InfoSec Auditing Tasks on a Windows 2000 Network

Case Study: Automating Common InfoSec Auditing Tasks on a Windows 2000 Network (PDF, 2.20MB)Published: 18 Mar, 2003
Created by
Clay Risenhoover
Clay Risenhoover

Policies are only as good as the procedures used to implement them. When the procedures are too cumbersome or time-consuming, it is likely that policy compliance will suffer. Unrealistic procedures can lead to 'implemented policies' that are weaker than the stated policies. Conversely ensuring that procedures are easy to implement has the effect of making full policy compliance more likely. In this case study we will examine how automating information security audit procedures at a university had the effect of increasing security through increased policy compliance. We will discuss three stated policies their associated procedures and how poorly designed procedures led to weak 'implemented policies.' We will then discuss how the procedures were automated and finally discuss the effects of the automation on the university's overall security stance.

Meet the expert

Clay Risenhoover
Clay Risenhoover

Clay Risenhoover

Principal Instructor

Clay holds a Bachelor’s and Master's in Computer Science from Southeastern OK State University, as well as a numerous certifications. The highlight of his career has been seeing his students graduate to jobs in software development and security.

Read more about Clay Risenhoover