Tuesday, May 14, 2019

Security Audit Essay Example | Topics and Well Written Essays - 750 words

Also, some team members violated integrity and confidentiality assertions by disclosing information to external parties. This paper covers the details and implications of the security audit procedures carried out and the observations noted.

Conducting audit

Lafleur has a complicated network of information systems in place, with various remote offices and a centralized IT function. Therefore, to evaluate this intricate system, detailed audit procedures were planned, including manual as well as automated assessments.

Manual assessments principally comprised interviewing procedures, performing physical checks and security scans, and reviewing the effectiveness of application and logical controls at different levels of the organization. We prepared system notes after developing a comprehensive understanding of the company's business activities. Thereafter, we conducted meetings with IT personnel to identify weaker areas requiring much attention and to discuss IT policies and procedures. An exhaustive review of the organogram was conducted to ensure proper segregation of duties was in place among employees holding influential or connected positions, such as COO and CIO or programmer and end-user.

Automated assessments were computer-aided techniques whereby software was used to assess the reporting and change management capabilities of the system. All operating systems, physical equipment and applications were appraised for their good specifications and development capabilities.

Contingency and disaster recovery planning for each office was reviewed for effectiveness, physically inspecting for any parachute site and analyzing backup procedures for critical data. Physical security controls, including key cards and biometric devices for different offices, were checked for any loopholes allowing unauthorized access.
Moreover, environmental controls were also verified to be in place, regulating appropriate temperature and providing adequate fire-fighting equipment and continual power supply. Additional physical security checks were performed and recommendations were made accordingly, such as bodyguards, locks, single entry points and surveillance systems.

Due to the remote offices and the presence of wireless networking, interception during transmission of data was a crucial issue and was tested through procedures. It was ensured that networks are accessible and available at all times to all offices, since there is a centralized IT function.

(http//www.aurco.com/images/security_audit.png)

Recommendations

Based on the findings and observations noted during fieldwork, we made some voluntary and mandatory recommendations to improve information system controls. We recommended that encryption be adopted to avoid intrusion of sensitive data during transmission on wireless networks. Often malware limits the passage of traffic allowed on the network. To combat this, we recommended that firewalls, intrusion detection systems, and antivirus applications must be installed promptly. We called for more focus on protecting information flowing on enterprise systems, mail servers, intranet networks and host applications that are accessed by customers. Since this company relies heavily on wireless networks, we suggested that dual-control access keys must be designed and maintained on a system that is accessible exclusively to authorized personnel (Saint-Germain, 2005). We laid great emphasis on closely monitoring all activities being carried out on the network,
