Traditional methods of security accreditation in the Government classified arena are outdated. They are becoming increasingly ineffective in maintaining security, irrelevant and damaging to the effectiveness and efficiency of IT systems and the organizations they serve. It is important to move towards a genuine risk-management approach to IT security. This will release resources to concentrate on the important tasks of monitoring and auditing IT security of systems and distributed networks in operation. This memorandum describes management framework also for the non uniform distributed network. In this paper we are giving an approach for information security in a Client/Server based Distributed network. With this work we address several factors concerning security and auditing of information in distributed network environments.