Information Technology Reference
In-Depth Information
for use on corporate networks by management. It is common to find users connect-
ing to both the unsecure external network using dongles and, at the same time, con-
necting to the secure local network using Ethernet connections or other technologies.
This exposes the internal network to possible hacking from unauthorised users on the
unsecure external network.
IS auditors should ensure that modems are configured properly and are compliant with
standard configurations approved by management.
g) Telephone Systems
It is important to understand why enterprises are integrating telephone systems into the
corporate network infrastructure. One reason of course is that IP telephone systems
are more efficient than ordinary telephone systems. The other reason is to take ad-
vantage of the many good features of IP telephone systems, which include storing
telephone data on company storage. The enterprise might require that customers'
telephone records are kept for legal reasons, and storing such data in digital format
is more efficient in terms of both storage space and retrieval.
Mobile phone systems are nowadays also integrated into corporate telephone networks
in order to ensure quick and easy communication across networks. Data generated
on mobile phones, in addition to voice data, include SMS, emails, and social media
records, such as Facebook and Twitter data.
Data generated using telephone systems need to be protected as it is important corporate
data. IS auditors need to ensure that telephone data and supporting systems are pro-
tected and that, in the event of an incident, the data can be recovered.
Digital telephone systems can also be attacked by viruses and hackers. Necessary pro-
tection needs to be provided in order to secure telephone systems. Social engineering
is also one possible attack which enterprises need to be aware of and use IS auditors
to ensure that necessary policies and procedures are in place and supported by user
awareness programs.
h) CCTV
Closed-circuit television (CCTV) has grown in importance and use as it provides tools
for monitoring activities in the enterprise. The records obtained can be used as evid-
ence in a court of law in the event that there is fraud or theft. Use of CCTV has been
on the increase, and many enterprises have deployed CCTV in their environments. In
some countries, it is a legal requirement to install CCTV in key and sensitive areas.
Search WWH ::
Custom Search