Thursday, May 9, 2019
Information Security Audit And Assurance Essay Example | Topics and Well Written Essays - 3250 words
Information is stored in a database that makes access, retrieval and manipulation easy and more secure (Chrisopher, 2012). The Department of Information Technology in the organization oversees the security of the information system and the hardware used in running all the activities in the organization. Computer and information security entails safeguarding computer resources, limiting access to authorized users, ensuring data integrity, maintaining data confidentiality and enhancing accountability in the organization (Chrisopher, 2012). Effective security will therefore involve taking measures to ensure hardware and media are not stolen or damaged, developing backup strategies to minimize loss of data and information, encrypting sensitive data files and allowing user identification (Ruskwig, 2012).

Audit checklist

INFORMATION SECURITY SYSTEM AUDIT AND ASSURANCE CHECKLIST

Personnel/Human resources (term of enlistment item, Answer)

Responsibility: Who has the responsibility for ensuring system security?

Employee: Do employees and other users of the system have the knowledge and learn how to handle security threats?

Training: Do the personnel and staff members with any responsibility for system security have adequate training, and do they receive training to support their roles?

Computer security policy: Is there a documented security policy that is amply supported by the senior management, with associated operating systems?

Non-disclosure agreements: Are there confidentiality agreements covering sensitive employee data and information and its disclosure to third parties?

Process

Audit: Are the systems installed in the company, including security systems and firewalls, audited on a regular basis?

Software patches: Do mechanisms exist to apply software patches to the security systems in the company in a timely and audited manner?

Data protection: Are employee and company data well secured in the database, and do they comply with legislative frameworks such as the Data Privacy Act?

Authentication: Are there reliable and effective authentication mechanisms in the organization?

Technology

External network security: Are there security measures, such as intrusion detectors and firewalls, that protect against external computer access such as the internet? Are these preventive measures authorized by the senior management?

Content monitoring: Is there proper monitoring of the content of emails and the internet to prevent virus infection, internet fraud, spam and also litigation arising from improper use and improper content?

Antivirus: Is there an installed antivirus and is it up to date? Are all users trained and educated on how to identify and stave off suspected files to avoid virus and malware infection?

Physical security: Are critical IT systems, equipment and servers stored in a secure and protected area free from unauthorized access?

Security policy

Policy statement

The Department of Information Technology in the organization is vested with the responsibility to provide substantial data security and confidentiality for all the resources, data and information held in the organization, whether on local storage media or remotely placed, in order to ensure the continuous availability of resources and data to the authorized users in the organization and to provide integrity of these data and configuration controls (Ruskwig, 2012).

Security policies a) The data