Operating System Security & Audit

When:  May 26, 2022 from 08:30 to 16:30 (ET)

Session Title: Operating System Security & Audit

Date/Time: Thursday May 26, 2022 – 8:30 am to 4:30 pm EDT.

Speaker: John G. Tannahill, CA, CISM, CGEIT, CRISC, CSX-P

Fees: Members CAD $100/- Non-members CAD $120/-

CPE: 8.0 Hrs


This session will focus on the security, control and audit areas for Windows Server and Linux Server Operating Systems.


  •         Audit and security areas related to Active Directory and Windows Server operating systems
  •         Audit and security areas related to Linux Operating Systems.

Introduction to Operating System Security & Control

  •         Virtualization Security Areas and relevance to operating systems
  •         Windows Server
  •         Linux Server

  Active Directory & Windows Server Key Security Controls

  •         Security Baselines
  •         Active Directory Security
  •         Member Server Security
  •         Identity & Access Management
  •         Domain and Local Account Policies
  •         User Accounts
  •         Authentication Controls
  •         User Rights
  •         Groups
  •         Network Share Security
  •         Directory & File Permissions
  •         Registry Security
  •         Security Event Logs / SIEM
  •         Windows Services
  •         Network Security

Auditing Active Directory and Windows Servers

  •         Auditing Domain Controllers
  •         Auditing Member Servers
  •         Automated Tools/ Scripts for audit testing e.g. PowerShell

Linux Server Key Security Controls

  •         User Accounts
  •         Shadow Password mechanisms
  •         Password Controls
  •         Pluggable Authentication Modules (PAM)
  •         Controlling Root and privileged users
  •         Sudo Configuration
  •         Linux Groups
  •         File Permissions
  •         SUID / SGID Programs
  •         Security Logs
  •         Syslog Facility
  •         SELinux
  •         SSH Configuration
  •         Network Security

Auditing Linux Servers

  •         Audit Approach / Objectives
  •         Security & Audit Checklists
  •         Open Source Tools & Shell scripts for audit



John G. Tannahill, CA, CISM, CGEIT, CRISC, CSX-P

John is an independent Information Security and Audit Services Consultant. His current consulting work areas are focused on information security in large information systems environments and networks, requiring detailed knowledge of the major operating systems encountered.  Particular areas of technical security expertise include: 

Cybersecurity Assessment

Windows Server


Database Security

Network Security

John is a frequent speaker in Canada; USA, Europe, Africa and Asia on the subject of Information Security.  He is a member of the Institute of Chartered Accountants of Scotland