Basic auditing concepts

Basic auditing concepts

In order to be able to obtain information about the IT Assets that you manage during a network audit, there are a couple of basic requirements that must be met regardless of which particular auditing agent(s) you are using to do the job.

Firstly, and most obviously, we can't audit something if we don't know it exists. So requirement number one is pretty simple: we must be able to detect the existence of the IT asset that we want to interrogate (IT asset detection).

Secondly, once we know of an IT asset's existence, we have to be able to interrogate it for further information (audit the asset). In the case of FAX machines, this step might have to be performed manually. However, in the case of any machine running a Windows based operating system, manageability features form a core part of the OS, so auditing the machine can be performed automatically and if we are using a network auditing agent then this can even be performed remotely, over the network.

Generally speaking however, once the existence of an IT asset is known, there are three different ways that we can interrogate it for further information:

We can audit the IT asset remotely, over the network using a network auditing agent (such as ENT NetCenter or ENT Network Monitor)

We can install a machine auditing agent (such as EntAudit) on the machine, which collects information about that IT Asset for us

We can manually collect information about the IT asset (which I guess you could call a good old fashioned human audit)

The following sections discuss each of these three methods (and various techniques for each) in detail.