fraudsters who skim credit card information and later use the information to steal money or
make payments for services.
Enterprises need to set up robust cybersecurity procedures to ensure that company
resources and customers are protected. Firewalls, intrusion detection and prevention
systems, and Internet security applications help ensure that enhanced security is
available in the enterprise.
Regular monitoring of the various security appliances is recommended, as it gives the
enterprise the statistics it needs on the threats it is facing and enables it to take
appropriate action to protect the resources it uses.
The IS auditor is required to audit how users in the enterprise use the Internet and how the
enterprise protects its resources from threats from the Internet. There are various types of
information which the IS auditor can use in order to verify how the enterprise is complying
with Internet security procedures.
Many users access the Internet on a daily basis from their offices, homes, and phones. They
need to be made aware of the dangers of the Internet and how to protect their computers.
Regular security alerts are always important in order to warn users of breaking news about
viruses or hacking incidents. Enlightened users help in the fight for a secure and protected
environment.
Personal Privacy and Data Protection
Personal privacy is about protecting customer data collected by virtue of business
transactions. Various countries have enacted laws which protect information collected from
customers. Enterprises also have developed personal privacy policies and procedures which
are used to ensure that enterprises comply with national laws.
Personal privacy laws restrict use of information obtained from customers to only
authorised use. For example, if the information was collected for health reasons, that
information shall not be used for any other reason unless permitted by the owner. In some
countries, personal privacy laws are so complex that full-time specialists are employed to
handle personal privacy issues.
Over time the enterprise will collect information on how personal privacy is implemented
in the enterprise, and IS auditors are required to assess this information. In some
enterprises, IS auditors are required to review personal privacy activities annually or
half-yearly for enterprises which hold sensitive personal information.
Database Security