Information Technology Reference
In-Depth Information
clude sites such as Facebook, WhatsApp, and Twitter. Because mobile social me-
dia provides instant communication, most users prefer to use such media. There are
many other social media sites in use worldwide but vary in popularity and focus.
Social media have grown in usage and popularity worldwide such that it is now part of
our lives just like mobile phones have changed the way we communicate. Actually
the drive on the growth of social media has been mobile phones.
Because businesses are also generating data on social media, enterprises should protect
this business data and store it for current and future use. Audit objectives would in-
clude security of data, access to data, risk to data, securing web applications, and
protection of social media communities.
d) Web Portals
Web portals are web pages or websites dedicated to providing specific information to
users or customers. Web portals would have information extracted from company
databases or intranets. Web portals can be used to provide a standard set of data such
as dashboards to systems administrators monitoring IT systems or customers inter-
ested in specific product information. Web portals serve various purposes, and be-
cause they use corporate data in many cases, it is important that this data is protected.
Some enterprises provide read only access to data without features for interacting
with users. Where user interaction is required, access to data is a key consideration.
Measures should be put in place to ensure that access to data is controlled.
Web portals and websites are often attacked by hackers in order to bring down the sites
for personal or commercial reasons. The IS auditor has an important task of making
sure that web developers include all necessary controls and security features in order
to protect web portals. The IS auditor should review the web portals with a view of
finding out if they are compliant with web portal security and controls.
e) Cybersecurity
Cybersecurity is the protection of IT systems from deliberate or intentional destruction
or modifications. IT systems need to be protected from viruses and hackers both in-
ternal and external to the enterprise such as the Internet. Most cybersecurity chal-
lenges originate from the use of the Internet. Different measures are usually put in
place to protect both IT systems and data which is generated when using IT systems.
Enterprises implement cybersecurity based on security standards or frameworks. A com-
mon standard used for implementing information security is ISO 27001, and IS aud-
Search WWH ::
Custom Search