Meeting 20. Course: A0214/Information Systems Audit. Year: 2007.


Bina Nusantara OPERATIONAL CONTROL ISSUES

Organizational Policy and Organizational Controls

Every computer installation should have specific standards and procedures manuals covering operations. An important element of any set of standards or manuals should be the requirement that operators maintain logs on which any unusual events or failures are recorded, according to time and in detail.

Data Files and Program Controls

– Data library
– Procedures to access program, data files and documentation
– Authorized person
– Control is enhanced by the practice of maintaining an inventory of file media within the data library.

Backup/Restart

Control planning must be based on the assumption that any computer system is subject to several different types of failures. Procedures must exist and must be tested for recovery from failures or losses of equipment, programs or data files. Backup and restart capabilities for both programs and data files require specific retention cycles and the storage of backup copies of programs and files at remote, protected locations. Copies of system documentation, standards, and procedure manuals also should be protected through remote off-site storage.

Physical Security and Access Control

To prevent or deter theft, damage, and unauthorized access; to control movement of network-related equipment and attached devices; and to prevent unauthorized access to data and software.

Environmental Controls

General Control: COBIT Control

– Organizational policy and organizational controls: Manage third-party services; Manage operations
– Data files and program controls: Manage performance and capacity; Ensure system security; Identify and allocate costs; Manage data
– Backup/restart and disaster recovery controls: Ensure continuous service
– Environmental controls: Manage the configuration; Manage the facility
– Physical security access controls: Ensure systems security

Problem Management Auditing

A process that is used to report, log, correct, track, and resolve problems within the hardware, software, network, telecommunications, and computing environment of an organization. Problem management provides the framework to open, transfer, escalate, close, and report management. Effective problem management procedures are vital to the long-term control over the performance of a data processing organization.

Example of Audit Steps

Administration of IT Activities

– Review the organization chart and evaluate the established procedures for adequacy in defining responsibilities in the security administration area.
– Determine who is responsible for control and administration of security. Verify that adequate security exists in the security administration function.
– Determine whether adequate direction is maintained for each IT functional area within a policy and procedures manual. Evaluate whether the manual is kept up to date by IT management.
– Determine if written personnel policies for the IT administration personnel exist, and if these policies stress adequate qualification and level of training and development.
– Determine if long-range (two to five years) system planning is maintained by IT management and is adequately considered in the fiscal budgeting process.
– Assess the adequacy of inventory procurement and control pertaining to the administration of the LAN environment. Review available inventory documentation to determine if it is adequately maintained and complete in description and location. Compare the serial numbers on the computer software with inventory records to determine if illegal copies of system and application software are being supported.

Example of Audit Steps

Operating System Software and Data

– Determine through interviews with data center personnel whether any significant modifications or upgrades were implemented during this audit year. Review authorization documentation to ensure that adequate IT management approval is obtained prior to the implementation.
– Determine through interviews with the IT personnel the procedures implemented to ensure that adequate IT management approval is obtained prior to the implementation.
– Evaluate access restrictions over critical system operation areas.