Cryptography - The enterprise should ensure that cryptographic controls are implemented and effectively managed in order to protect systems and data during transmission from internal and external threats. The role of the IS auditor is to assess the implementation and effectiveness of cryptographic controls. The IS auditor should ensure that the enterprise has a cryptography control policy in place that can be used to implement and manage systems that require the use of cryptography.
Physical and Environmental Security - The enterprise should ensure that appropriate physical and environmental security controls are in place, which include protection of data centres and disaster recovery sites. The IS auditor should regularly review physical and environmental controls in order to ensure protection of data centres, recovery sites and other critical IT rooms.
Operations Security - The enterprise should ensure that business and IT operations are secure by implementing appropriate security measures. Security should include network security, data backup, systems monitoring, and security of computing equipment used to process data and facilitate communication. The IS auditor's role includes reviewing implementation of security operations in the enterprise. The IS auditor should ensure that appropriate security is provided to IT operations, such as physical and logical access controls. The IS auditor would also be required to review operational procedures and responsibilities.
Communications Security - The enterprise should ensure that communications between networks are secure. Communication between enterprises is conducted using several methods such as email, text, conversations, document sharing, voice, and video. The IS auditor's role is to review the security of communication systems so that data and information are protected.
Information Systems Acquisition, Development, and Maintenance - The IS
auditor should get involved in the deployment of systems from procurement
up to maintenance and ensure that appropriate controls are implemented.
System deployment includes a number of activities which require review by
the IS auditor in order to ensure appropriate security controls are included
and effective.
Supplier Relationships - Enterprises should ensure that supplier relationships are protected by having service-level agreements, which will ensure that agreed services are provided by suppliers in a secure and protected en-