Presentation is loading. Please wait.

Presentation is loading. Please wait.

AUDITING INFORMATION SYSTEMS SECURITY. AUDIT OF LOGICAL ACCESS USE OF TECHNIQUES FOR TESTING SECURITY USE OF INVESTIGATION TECHNIQUES.

Published byRussell Greer Modified over 9 years ago

Similar presentations

Presentation on theme: "AUDITING INFORMATION SYSTEMS SECURITY. AUDIT OF LOGICAL ACCESS USE OF TECHNIQUES FOR TESTING SECURITY USE OF INVESTIGATION TECHNIQUES."— Presentation transcript:

1 AUDITING INFORMATION SYSTEMS SECURITY

2 AUDIT OF LOGICAL ACCESS USE OF TECHNIQUES FOR TESTING SECURITY USE OF INVESTIGATION TECHNIQUES

3 AUDITING INFORMATION SYSTEMS SECURITY Information security management framework Auditing logical access Auditing network infrastructure security Auditing engironmental exposures & controls Auditing physical access

4 Information security management framework The IS Auditor must review: –Written policies, procedures, standards –Logical access security policies –Formal Security awareness & training –Segregation of duties –Security regarding new IT users –Access standards –Terminated employee access - policy

5 AUDITING LOGICAL ACCESS General understanding of security risks Document and evaluate controls over access paths Test controls over access paths Evaluate access control environment Testing security Review access controls and password administration

6 Auditing network infrastructure security Review Network diagrams Identify network design implemented Determine applicable security policies, standards etc. Review network administrator procedures Assess remote access points of entry & dial-up access controls

7 Auditing Environmental exposures and controls Water and smoke detectors Fire extinguishers Fire suppression systems Fireproof walls, floors etc. Electrical Surge Protectors Fully documented & Tested BCP

8 AUDITING PHYSICAL ACCESS Touring the Information Processing Facility Test the physical safeguards – by observation Test other locations such as location of Operator consoles, printer rooms etc. Evaluate paths of physical entry

Download ppt "AUDITING INFORMATION SYSTEMS SECURITY. AUDIT OF LOGICAL ACCESS USE OF TECHNIQUES FOR TESTING SECURITY USE OF INVESTIGATION TECHNIQUES."

Similar presentations

All Rights Reserved, Duke Medicine 2007 IT Security Presented by: Trisha Craig and Don Elsner Principal Auditors – IT Audit Duke University 1.

All Rights Reserved, Duke Medicine 2007 IT Security Presented by: Trisha Craig and Don Elsner Principal Auditors – IT Audit Duke University 1.
Information Technology Control Day IV Afternoon Sessions.

Information Technology Control Day IV Afternoon Sessions.
Information Systems Audit Program (cont.). PHYSICAL SECURITY CONTROLS.

Information Systems Audit Program (cont.). PHYSICAL SECURITY CONTROLS.
Auditing Computer Systems

Auditing Computer Systems
Physical and Environmental Security Chapter 5 Part 1 Pages 427 to 456.

Physical and Environmental Security Chapter 5 Part 1 Pages 427 to 456.
Audit Considerations of Data Center Consolidation Jon Ingram Audit Manager Information Technology Audits Florida Auditor General 1.

Audit Considerations of Data Center Consolidation Jon Ingram Audit Manager Information Technology Audits Florida Auditor General 1.
Security Controls – What Works

Security Controls – What Works
Information systems Integrity Protection. Facts on fraud  UK computer fraud 400 Million £  17 000 on 136 000 companies  avg case 46 000 £  France.

Information systems Integrity Protection. Facts on fraud  UK computer fraud 400 Million £  on companies  avg case £  France.
Information Security Policies and Standards

Information Security Policies and Standards
School Safety Training

School Safety Training
Pertemuan 5-6 Matakuliah: A0214/Audit Sistem Informasi Tahun: 2007.

Pertemuan 5-6 Matakuliah: A0214/Audit Sistem Informasi Tahun: 2007.
Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Qualitative.

Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Qualitative.
ITS Offsite Workshop 2002 PolyU IT Security Policy PolyU IT/Computer Systems Security Policy (SSP) By Ken Chung Senior Computing Officer Information Technology.

ITS Offsite Workshop 2002 PolyU IT Security Policy PolyU IT/Computer Systems Security Policy (SSP) By Ken Chung Senior Computing Officer Information Technology.
ISO 17799: Standard for Security Ellie Myler & George Broadbent, The Information Management Journal, Nov/Dec ‘06 Presented by Bhavana Reshaboina.

ISO 17799: Standard for Security Ellie Myler & George Broadbent, The Information Management Journal, Nov/Dec ‘06 Presented by Bhavana Reshaboina.
PowerPoint Presentation by Charlie Cook Copyright © 2004 South-Western. All rights reserved. Chapter 8 IT Governance: Management Control of Information.

PowerPoint Presentation by Charlie Cook Copyright © 2004 South-Western. All rights reserved. Chapter 8 IT Governance: Management Control of Information.
Session 3 – Information Security Policies

Session 3 – Information Security Policies
Process Analysis: Fire Safety At Workplace CM2180 Student Sample.

Process Analysis: Fire Safety At Workplace CM2180 Student Sample.
1 BUSINESS CONTINUITY AND DISASTER RECOVERY PLANNING Reducing your Risk Profile MIDWEST DATA RECOVERY INC.

1 BUSINESS CONTINUITY AND DISASTER RECOVERY PLANNING Reducing your Risk Profile MIDWEST DATA RECOVERY INC.
INTRODUCTION. Department Policy The Department of Environmental Protection recognizes that it has the obligation to provide for the health and safety.

INTRODUCTION. Department Policy The Department of Environmental Protection recognizes that it has the obligation to provide for the health and safety.
 Review the security rule as it pertains to ›Physical Safeguards ♦ How to protect the ePHI in the work environment ♦ Implementation ideas for your office.

 Review the security rule as it pertains to ›Physical Safeguards ♦ How to protect the ePHI in the work environment ♦ Implementation ideas for your office.

Similar presentations

Ads by Google