cipfa-audit-IT-03.

qxd
RISK ICQ CONTROL ANSWER COMMENTS CT
ID CTL REF Y N

10/10/2002
2.3 2.3 Is use of the network monitored to check for unauthorised network 2.3.1
connections and for equipment that is functioning (or being used) 2.3.2
incorrectly?
3.1 3.1 Is encryption used to prevent unauthorised access to data transmitted 3.1.1
over the network? 3.1.2

16:58
3.1.3
3.1.4
3.2 Are controls designed to safeguard data and programs from loss, 3.2.1

Page 401
misuse, theft, damage and accidental or deliberate corruption and 3.2.2
denial of service attacks? 3.2.3
3.2.4
3.2.5
3.3 Are networks designed and built to maximise the effectiveness of data 3.3.1
traffic? 3.3.2
4.1 Are hardware and communication media protected against damage, 4.1.1
malfunction and misuse? Is suitability of locations given due 4.1.2
consideration?
4.2 Do arrangements exist for the maintenance and insurance of hardware, 4.2.1
communications infrastructure, network management software and 4.2.2
consequential loss? 4.2.3
4.2.4
4.2.5
4.3 Are network management software and data files on each file server 4.3.1
and network device backed up regularly and the copies retained in a 4.3.2
safe place? 4.3.3

CONTROL MATRICES
4.4 Do recovery and business continuity arrangements exist in the event of 4.4.1
failure of lines or nodes on the network? 4.4.2
Page 401