cipfa-audit-IT-03.qxd 10/10/2002 16:58 Page 404

COMPUTER AUDIT GUIDELINES · SIXTH EDITION

| ICQ REF | CT REF | COMPLIANCE TEST | WORKING PAPERS |
|---|---|---|---|
| | 2.3.2 | Ask whether any monitoring of the type and content of network traffic takes place. | |
| 3.1 | 3.1.1 | Identify whether the organisation has a policy on the use of encryption for the transmission of confidential data. | |
| | 3.1.2 | Ask whether encryption is used where sensitive or business-critical data is being transferred across the network. | |
| | 3.1.3 | Identify whether the encryption ‘key’ is adequately protected, and if not, whether the protection provided by encryption is affected. | |
| | 3.1.4 | Identify whether controls are in place to ensure that passwords and data are only transmitted across the network in an encrypted manner. | |
| 3.2 | 3.2.1 | Determine what the organisation has done to prevent service denial attacks. | |
| | 3.2.2 | Check that modems, routers and bridges are configured to minimise the risk of unauthorised access. | |
| | 3.2.3 | Review a sample of routers to ensure that access to router configuration menus is restricted. | |
| | 3.2.4 | Ask whether the firewall has been configured to detect excessive network traffic from any one source. | |
| | 3.2.5 | Ask whether the internal network has been configured or partitioned to protect particularly sensitive business systems. | |
| 3.3 | 3.3.1 | Examine network diagrams (topologies) for evidence that ‘shortest route’ methodologies have been adopted. | |
| | 3.3.2 | Ensure all attempts have been made to direct data traffic along the most efficient route (if possible use network traffic monitoring tools to help ensure this control). | |
| 4.1 | 4.1.1 | Consider the physical security afforded to file servers, workstations, terminals and lines and other network equipment. Attempt to follow lines and note any vulnerable points. | |
| | 4.1.2 | Get details of individuals who have access to vulnerable areas and assess the reasonableness of this access and any security weaknesses this raises. | |
| 4.2 | 4.2.1 | Ask about arrangements for maintaining inventories of networked computer facilities and keeping them up to date. | |
| | 4.2.2 | Obtain maintenance agreements and compare the equipment covered by them with the inventories to ensure that an acceptable level of cover is available in the event of failure or damage. | |