However, there is a Windows admin group that controls the access to these folders, and that group has full access to all 3 folders (that cannot be removed). They have no knowledge of the application and they are part of the Windows admin team, but how can you appropriately test this?
Maybe look for compensating controls such as a user access review to show the users who have access to the admin group have ongoing authorization, and look to see if logging is enabled. Ideally admin CRUD logs should be feeding into a SIEM. The Windows security logs should also feed into the SIEM. If there is no SIEM, there should be some ongoing review of audit logs at a defined frequency.
Test what? You already determined that this admin group grants its members full access to the 3 folders.
Review the control objective of the control you're trying to test first.