AUDITING INFORMATION SYSTEMS SECURITY. AUDIT OF LOGICAL ACCESS USE OF TECHNIQUES FOR TESTING SECURITY USE OF INVESTIGATION TECHNIQUES.


1 AUDITING INFORMATION SYSTEMS SECURITY

2 AUDIT OF LOGICAL ACCESS; USE OF TECHNIQUES FOR TESTING SECURITY; USE OF INVESTIGATION TECHNIQUES

3 AUDITING INFORMATION SYSTEMS SECURITY
– Information security management framework
– Auditing logical access
– Auditing network infrastructure security
– Auditing environmental exposures & controls
– Auditing physical access

4 Information security management framework
The IS Auditor must review:
– Written policies, procedures, standards
– Logical access security policies
– Formal security awareness & training
– Segregation of duties
– Security regarding new IT users
– Access standards
– Terminated employee access - policy

5 AUDITING LOGICAL ACCESS
– General understanding of security risks
– Document and evaluate controls over access paths
– Test controls over access paths
– Evaluate access control environment
– Testing security
– Review access controls and password administration

6 Auditing network infrastructure security
– Review network diagrams
– Identify network design implemented
– Determine applicable security policies, standards etc.
– Review network administrator procedures
– Assess remote access points of entry & dial-up access controls

7 Auditing environmental exposures and controls
– Water and smoke detectors
– Fire extinguishers
– Fire suppression systems
– Fireproof walls, floors etc.
– Electrical surge protectors
– Fully documented & tested BCP

8 AUDITING PHYSICAL ACCESS
– Touring the Information Processing Facility
– Test the physical safeguards by observation
– Test other locations such as location of operator consoles, printer rooms etc.
– Evaluate paths of physical entry

