| dc.description.abstract | With the development of technology, the organization uses computers to replace paper operations and complete the needs of automation, but it also brings a lot of information security problems. In order to manage the internal network and strengthen information security, organizations with sufficient funds usually build various types of information security systems. These systems only control the equipment they manage, there is no relevant mechanism to find out the unmanaged computers, and data is not integrated between systems which increases the burden of managers. Although the function of the simple security audit system proposed in this study is not as powerful as the system in each specific field, it can provide integrated information to help managers understand which computers are not controlled by these systems. Managers can correct these unmanaged computers to improve the effectiveness of information security systems. The research system can help organizations which do not have sufficient funds for security protection, only have a basic Microsoft operating environment, active directory server, we have implemented system to prove our design. The research system can provide the information to meet audit needs, including the inventory of endpoint devices, antivirus software operation status, Microsoft updates status and Government Configuration Baseline setting check, etc. The cost of the research system construction is very low, only need existing Microsoft environment and free software to build.
Keywords:Information security audit, Microsoft environment, information integration, low-cost implementation | en_US |