AUDITING INFORMATION SYSTEMS SECURITY. AUDIT OF LOGICAL ACCESS USE OF TECHNIQUES FOR TESTING SECURITY USE OF INVESTIGATION TECHNIQUES.

Presentation transcript:

AUDITING INFORMATION SYSTEMS SECURITY

AUDIT OF LOGICAL ACCESS USE OF TECHNIQUES FOR TESTING SECURITY USE OF INVESTIGATION TECHNIQUES

AUDITING INFORMATION SYSTEMS SECURITY
– Information security management framework
– Auditing logical access
– Auditing network infrastructure security
– Auditing environmental exposures & controls
– Auditing physical access

Information security management framework
The IS Auditor must review:
– Written policies, procedures, standards
– Logical access security policies
– Formal security awareness & training
– Segregation of duties
– Security regarding new IT users
– Access standards
– Terminated employee access policy

AUDITING LOGICAL ACCESS
– General understanding of security risks
– Document and evaluate controls over access paths
– Test controls over access paths
– Evaluate access control environment
– Testing security
– Review access controls and password administration
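As an added example that is not part of the slides, the following Python script carries out three of the logical-access tests the framework and logical-access slides call for, against constructed HR and account exports: terminated employees whose accounts are still enabled, segregation-of-duties conflicts, and password age against a standard. The user names, role names, dates and the 90-day password-age threshold are all assumptions made for the example.

```python
# Added example: automated evidence tests for a logical-access audit.
# All data below is constructed; names, roles and thresholds are hypothetical.
from datetime import date

# Constructed HR export: employees whose access should have been removed.
TERMINATED = {"jdoe": date(2017, 9, 30), "asmith": date(2017, 10, 5)}

# Constructed account export: user, enabled flag, roles, last password change.
ACCOUNTS = [
    {"user": "jdoe",   "enabled": True,  "roles": {"ap_clerk"},                "pw_changed": date(2017, 6, 1)},
    {"user": "asmith", "enabled": False, "roles": {"reader"},                  "pw_changed": date(2017, 9, 1)},
    {"user": "bkhan",  "enabled": True,  "roles": {"ap_clerk", "ap_approver"}, "pw_changed": date(2017, 10, 1)},
    {"user": "clee",   "enabled": True,  "roles": {"reader"},                  "pw_changed": date(2016, 1, 15)},
]

# Segregation-of-duties matrix: role pairs one person must not hold together.
SOD_CONFLICTS = [({"ap_clerk", "ap_approver"}, "create and approve payments")]


def terminated_still_active(accounts, terminated):
    """Terminated-employee access policy: enabled accounts whose owner has left."""
    return sorted(a["user"] for a in accounts if a["enabled"] and a["user"] in terminated)


def sod_violations(accounts, conflicts):
    """Segregation of duties: users holding every role of a conflicting pair."""
    return sorted((a["user"], desc) for a in accounts
                  for pair, desc in conflicts if pair <= a["roles"])


def stale_passwords(accounts, as_of, max_age_days):
    """Password administration: enabled accounts whose password exceeds the age standard."""
    return sorted(a["user"] for a in accounts
                  if a["enabled"] and (as_of - a["pw_changed"]).days > max_age_days)


def audit_logical_access(accounts, terminated, conflicts, as_of, max_age_days=90):
    """Run the three tests and return the findings as audit evidence."""
    return {
        "terminated_still_active": terminated_still_active(accounts, terminated),
        "sod_violations": sod_violations(accounts, conflicts),
        "stale_passwords": stale_passwords(accounts, as_of, max_age_days),
    }


if __name__ == "__main__":
    findings = audit_logical_access(ACCOUNTS, TERMINATED, SOD_CONFLICTS, date(2017, 10, 22))
    for test, items in findings.items():
        print(f"{test}: {items}")
```

In a real engagement the two exports would come from the HR system and the access-management system as of the same date, and each non-empty list becomes a finding to trace back to the policy it tests.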

Auditing network infrastructure security
– Review network diagrams
– Identify network design implemented
– Determine applicable security policies, standards etc.
– Review network administrator procedures
– Assess remote access points of entry & dial-up access controls

Auditing environmental exposures and controls
– Water and smoke detectors
– Fire extinguishers
– Fire suppression systems
– Fireproof walls, floors etc.
– Electrical surge protectors
– Fully documented & tested BCP

AUDITING PHYSICAL ACCESS
– Touring the Information Processing Facility
– Test the physical safeguards – by observation
– Test other locations such as the location of operator consoles, printer rooms etc.
– Evaluate paths of physical entry