ABSTRACT

As with any LAN, Windows NT processing controls should be based on standards developed by user management and data processing management. These standards should define the practices and controls adopted by management to ensure that processing is performed with a prudent level of risk. Standards should be developed in the areas of data security, systems development, program change control, problem management, and disaster recovery planning. Windows NT has made improvements in the areas of logical security and system recovery by providing controls similar to those in mainframe environments. However, the auditor should be aware of security weaknesses that exist in the NT LAN environment. These weaknesses are discussed later in this chapter. In addition, to assess the effect of control weaknesses accurately, the auditor should develop a picture of the audit environment, including an understanding of the business functions, information flows, and data storage.