Subject: Computer 4
Section: M31
Areas of Controls
1.) Operating Systems Control
Possible Exposures
Accidental and intentional threats, including attempts to access data illegally, violate user privacy, or perform malicious acts.
Audit Objectives
To ensure that the organization has an adequate and effective password policy for controlling access to the operating system.
To ensure that the auditing of users and events is adequate for preventing and detecting abuses, reconstructing key events that preceded systems failures, and planning resource allocation.
Audit Procedures
Review the users' permitted log-on times.
Verify that all users are required to have passwords.
2.) Database Management Control
Inadequate backup of data and unauthorized access to data by authorized and unauthorized personnel.
3.) Organizational Structure
Programmers and operators who perform incompatible functions may perpetrate program fraud.
Documentation
Obtain the current organization chart for the information technology
Through discussion with information technology personnel, evaluate the proper segregation of
Internal Control Checklist
Is there a security policy checklist?
Is there a summary of anti-virus software programs installed?
Is there a summary of password control procedures?
Biometric devices
Authorization rules
User-defined procedures
Encryption
Interference controls
Access Controls
Program Change Control
Security policy checklist
IT general controls