Copyright: Attribution Non-Commercial (BY-NC)
1 Understanding the IS audit process and finalising the process to be followed
2 Plan the audit: scope of the audit, system boundaries and deliverables of the audit
3 Identify the assets of the lab
4 Performing the audit
5 Performing the audit
6 Preparation of report
7 Review and submission of the report of the audit

Physical and environmental review: This includes physical security, power supply, air conditioning, humidity control and other environmental factors.

System administration review: This includes security review of the operating systems, database management systems, all system administration procedures and compliance.

Application software review: The business application could be payroll, invoicing, a web-based customer order processing system or an enterprise resource planning system that actually runs the business. Review of such application software includes access control and authorisations, validations, error and exception handling, business process flows within the application software and complementary manual controls and procedures. Additionally, a review of the system development lifecycle should be completed.

Network security review: Review of internal and external connections to the system, perimeter security, firewall review, router access control lists, port scanning and intrusion detection are some typical areas of coverage.

Business continuity review: This includes existence and maintenance of fault-tolerant and redundant hardware, backup procedures and storage, and a documented and tested disaster recovery/business continuity plan.

Data integrity review: The purpose of this is scrutiny of live data to verify adequacy of controls and the impact of weaknesses, as noticed from any of the above reviews. Such substantive testing can be done using generalised audit software (e.g., computer assisted audit techniques).

Area / Description / Deliverables

1. Vulnerability Scanning
   Description: This involves scanning the infrastructure set-up to reveal any vulnerabilities in the company's IS setup.
   Deliverable: Vulnerability Report, presenting the existing vulnerabilities.

2. Report Audit
   Description: This involves auditing reports that are regularly generated as part of the security management process of the organisation. Audits are conducted on:
   - Logs: logs that are maintained within the system by the network, system and database components (syslogs).
   - IDS reports: reports that are generated by the Intrusion Detection System on an on-going basis.
   - Any other reports that are maintained or generated by the organisation as part of its security maintenance program.
   Deliverable: Audit Report, giving a security overview; the results of all the audits and reports are prepared and presented.

3. Security Architecture Audit
   Description: This involves auditing the existing security architecture of the organisation.
   Deliverable: Security Architecture Audit Report.

4. Baseline Auditing
   Description: This involves auditing the system security setup to verify that it is in accordance with the security baseline of the organisation. Deviations are recorded to analyse compliance during the audit period.
   Deliverable: Baseline Auditing Report.

5. Internal Control and Workflow Audit
   Description: This involves auditing the existing workflow in the organisation to ascertain whether it is sufficient to handle and escalate the response to security issues.
   Deliverable: Internal Control and Workflow Audit Report.

6. Policy Audit
   Description: The security policy is audited to ensure that it is in line with the business objectives of the organisation and complies with the standards that the company follows or wishes to follow.
   Deliverable: Policy Audit Report.

7. Threat/Risk Assessment
   Description: Assessment of the various risks and threats facing the company's information systems. Taking into account the results of the audits, this assessment gives an overall picture of the security risk/threat to the organisation.
   Deliverable: Threat/Risk Assessment Report, presenting the various threats and risks the company faces as a result of the existing vulnerabilities, including faulty policy, architecture, etc.
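As an added illustration of the Baseline Auditing area above (this code is not part of the original document), the following Python checker parses a captured sshd_config, compares it with an organisational baseline and records each deviation in the form a Baseline Auditing Report would carry. The baseline values, the host name and the sample configuration are constructed assumptions for the example; a real baseline would come from the organisation's hardening standard.

```python
"""Baseline audit of an sshd_config against an organisational baseline.

Added example: the BASELINE directives and the SAMPLE_SSHD_CONFIG are
constructed assumptions, not values taken from the original document.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Set

# Hypothetical baseline: directive (lower-cased) -> set of acceptable values.
# The baseline requires each directive to be set explicitly, because OpenSSH
# defaults differ between versions and distribution builds.
BASELINE: Dict[str, Set[str]] = {
    "permitrootlogin": {"no"},
    "passwordauthentication": {"no"},
    "x11forwarding": {"no"},
    "protocol": {"2"},
    "maxauthtries": {"3", "4"},
    "loglevel": {"verbose", "info"},
}

# Constructed capture standing in for a file collected from an audited host.
SAMPLE_SSHD_CONFIG = """\
# constructed sample, not from a real host
Port 22
Protocol 2
PermitRootLogin yes
PasswordAuthentication no
# X11Forwarding no    <- commented out, so it is NOT set
MaxAuthTries 6
"""


@dataclass
class Deviation:
    host: str
    directive: str
    expected: List[str]
    actual: Optional[str]  # None means the directive is not set at all


def parse_sshd_config(text: str) -> Dict[str, str]:
    """Return {directive_lower: effective value}.

    sshd honours the FIRST occurrence of a directive, so later duplicates are
    ignored. Comments and blank lines are skipped. Parsing stops at the first
    'Match' block, because directives after it apply only conditionally and
    would need per-user/per-host evaluation that this checker does not do.
    """
    settings: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        # sshd accepts both "Key value" and "Key=value"
        parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1)
        if len(parts) != 2:
            continue
        key, value = parts[0].lower(), parts[1].strip()
        if key == "match":
            break
        settings.setdefault(key, value)
    return settings


def check_baseline(host: str, settings: Dict[str, str],
                   baseline: Dict[str, Set[str]] = BASELINE) -> List[Deviation]:
    """Record one Deviation per baseline directive that is missing or
    carries a value outside the accepted set (comparison is case-insensitive)."""
    deviations: List[Deviation] = []
    for directive, allowed in baseline.items():
        actual = settings.get(directive)
        if actual is None or actual.lower() not in allowed:
            deviations.append(Deviation(host, directive, sorted(allowed), actual))
    return deviations


def audit_host(host: str, config_text: str) -> List[Deviation]:
    return check_baseline(host, parse_sshd_config(config_text))


def format_report(deviations: List[Deviation]) -> str:
    """Plain-text lines for the Baseline Auditing Report."""
    if not deviations:
        return "No deviations from baseline."
    lines = []
    for d in deviations:
        actual = d.actual if d.actual is not None else "<not set>"
        lines.append(f"{d.host}: {d.directive} = {actual} "
                     f"(baseline: {' | '.join(d.expected)})")
    return "\n".join(lines)


if __name__ == "__main__":
    print(format_report(audit_host("db01.example.internal", SAMPLE_SSHD_CONFIG)))
```

Treating an unset directive as a deviation is a deliberate design choice: a baseline that relies on compiled-in defaults cannot be verified from the configuration file alone, so the auditor records the gap and lets the organisation either set the value or document the accepted default.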