management. Auditors audit backup policy and procedures in order to ensure that backups
are being performed as per policy and that the enterprise is able to recover in the event of
an incident impacting on data, information, or IT facilities. Backup operations generate
information which IS auditors can use as evidence, such as daily backup records (manual or
electronic), testing of backups, storage of backups, and monitoring of backup operations.
Network Security
Network security involves securing IT assets and data on the enterprise computer network.
There are various threats which can harm the enterprise in terms of its resources, such as
data and information. Typical threats from outside the enterprise network are hackers who
are interested in stealing data or destroying hardware and software used by the enterprise
to conduct its business.
Firewalls are security devices which are used to prevent unauthorised outsiders from
accessing internal network resources of an enterprise. There are various types of firewalls
which can be installed to handle this task. The two main types are hardware firewalls and
software firewalls, although in real terms all firewalls use software, which runs either on a
dedicated hardware device or on a server.
In order to ensure effective management of network security, firewalls should be
monitored. Monitoring will provide information to management on how effective the devices
are in protecting the enterprise. Without monitoring, the enterprise will not know whether
the devices are effectively protecting the enterprise. The enterprise can use software tools
which can extract data from firewalls and display it in readable form such as figures and
graphs. The security department can regularly summarise and comment on the data and
provide advice to management.
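
The kind of summary such a tool produces, as an added example that is not from the original text: a short Python script that parses firewall log lines, counts allowed and denied connections, and draws text bar graphs of denied traffic by source and by service. The log lines are constructed samples in the Linux netfilter LOG style, and the FW-DROP/FW-ACCEPT prefixes are an assumed logging convention.

```python
import re
from collections import Counter

# Constructed sample (netfilter LOG style); the FW-DROP/FW-ACCEPT prefixes are assumed.
SAMPLE_LOG = """\
Mar  3 09:14:02 gw kernel: FW-DROP: IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=51512 DPT=22
Mar  3 09:14:05 gw kernel: FW-DROP: IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=51513 DPT=22
Mar  3 09:15:40 gw kernel: FW-ACCEPT: IN=eth0 OUT= SRC=198.51.100.23 DST=192.0.2.10 PROTO=TCP SPT=40022 DPT=443
Mar  3 09:16:11 gw kernel: FW-DROP: IN=eth0 OUT= SRC=198.51.100.99 DST=192.0.2.10 PROTO=TCP SPT=33110 DPT=3389
Mar  3 09:17:00 gw kernel: device eth0 entered promiscuous mode
"""

LINE_RE = re.compile(r"kernel: FW-(?P<action>DROP|ACCEPT): (?P<fields>.*)$")

def parse_line(line):
    """Return a dict for a firewall log line, or None for unrelated lines."""
    m = LINE_RE.search(line)
    if not m:
        return None
    # Split the KEY=VALUE pairs; bare flags without "=" are ignored.
    fields = dict(kv.split("=", 1) for kv in m.group("fields").split() if "=" in kv)
    return {"action": m.group("action"), "src": fields.get("SRC", "?"),
            "service": f'{fields.get("PROTO", "?")}/{fields.get("DPT", "-")}'}

def summarise(log_text):
    """Count events by action, and denied events by source and by service."""
    actions, denied_src, denied_svc, skipped = Counter(), Counter(), Counter(), 0
    for line in log_text.splitlines():
        event = parse_line(line)
        if event is None:
            skipped += 1  # reported so unparsed lines are not silently lost
            continue
        actions[event["action"]] += 1
        if event["action"] == "DROP":
            denied_src[event["src"]] += 1
            denied_svc[event["service"]] += 1
    return {"actions": actions, "denied_src": denied_src,
            "denied_svc": denied_svc, "skipped": skipped}

def bar_chart(counter, width=30):
    """Render a Counter as text bars scaled to the largest value."""
    top = max(counter.values(), default=0)
    return [f"{key:<18}{'#' * (n * width // top):<{width}} {n}"
            for key, n in counter.most_common()]

if __name__ == "__main__":
    report = summarise(SAMPLE_LOG)
    print(dict(report["actions"]), "unparsed:", report["skipped"])
    print("\n".join(bar_chart(report["denied_src"]) + bar_chart(report["denied_svc"])))
```

The count of unparsed lines is part of the report because a summary that silently drops lines it cannot read is weak audit evidence.
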
Network security can also be used to ensure that data is properly routed within the internal
network by using devices such as network switches and routers. These devices can be
configured in such a way that traffic between computer devices is routed according to secure
and defined routes.
As part of its security strategy, the enterprise may install intrusion detection and prevention
systems which will ensure that intruders are detected or prevented from accessing network
resources.
The IS auditor will have access to data generated by various devices which he can use as
evidence to support compliance with security policies and procedures. The data can also be
used to verify that security systems are working as planned.
Application System Security