Information Technology Reference
In-Depth Information
ternet. There is no sizable enterprise with geographically dispersed customers today which
does not use email to communicate.
a) The Internet
The Internet is a large public network with millions of users providing or receiving vari-
ous types of services. The Internet has grown so large that it produces millions of
megabytes per day. The Internet consists of the World Wide Web, which we use to
host websites, the email systems, which we are so dependent on to send and receive
emails, and the file transfer protocol, which we use to download files and documents
for personal or business use.
Enterprises use the Internet to conduct business and also communicate with customers
and business partners. Many financial transactions are conducted on the Internet by
enterprises around the world. Customers also purchase various types of goods and
services on the Internet. Not all Internet users have good intentions. Others are there
to defraud enterprises or hack into their systems in order to steal corporate data. Over
the years, we have seen how vulnerable Internet users are with many large enter-
prises having their customer data, such as credit card information, exposed to the
public.
Enterprises are always investigating new ways of protecting their resources from threats
which exist by connecting to the Internet. Various types of security measures are im-
plemented in order to secure company resources from hackers on the Internet. Secur-
ity companies have developed different types of security software just dedicated to
protecting IT systems.
The IS auditor has a very important role of ensuring that company resources are protec-
ted from threats which exist on the Internet. IS auditors are often required to carry
out reviews based on various audit objectives such as:
1. protection of users and enterprises from hackers
2. protection of computer systems from viruses and malware
3. provision of firewall protection
4. provision of intrusion detection
5. provision of intrusion prevention
6. secure routing of Internet traffic
7. controlled Internet access in the office
8. controlled use of web applications
9. protection of email systems.
Search WWH ::
Custom Search