INFORMATION SYSTEM AUDIT Alex.docx - CX APPLICATION...

This preview shows page 1 - 4 out of 8 pages.

CX APPLICATION INFORMATION AUDIT REPORT
INFORMATION SYSTEM AUDIT; USIU STUDENT PORTAL, CX Introduction Applications are software programs that facilitate an organization’s key business processes including finance, human resources, case management, licensing and billing. Each year we review a selection of important applications that organizations rely on to deliver services. We focus on the key controls that ensure data is completely and accurately captured, processed and maintained. Failings or weaknesses in these controls have the potential to affect the organization and the public. Impacts range from delays in service and loss of information, to possible fraudulent activity and financial loss. Audit objectives Our objectives for carrying out this audit are specific. The purpose of conducting this audit is to ascertain that: Check that there is adequate system security i.e CX is secure Implications of system down time are clearly outlined and plans to bring up the system in the shortest time possible are in place. System maintenance is performed on a regular basis The performance of the Network is monitored, and attack vectors and the frequency of attacks are well documented. The hardware used for hosting, storing, processing and transmission of data has met the specifications and security features. Audit scope The scope of this audit centered on the information systems used by United States International University to process and/or store students’ data. The CX is an inhouse developed application tailor made to meet the business processes and requirements of the university. CX can run in most systems if not all windows, macOS, android, iOS, operating systems but to mention a few with devices ranging from computers to mobile phones. The application is housed in servers in the library and a backup one remotely. This backup server is used to facilitate continued normal business operations. The downside of this is that the network becomes overloaded with requests leading to untimely responses. The security design of the system is somewhat questionable, noticing no further than one factor authentication during login. This leaves the system vulnerable to shoulder surfing, man in the middle, phishing and other cyber-attacks. Two factor authentication and more is recommended. The application is hosted in a secure web server which is a positive factor in combating phishing and making it recognizable as secure and legitimate. The application implication to the network is that it could get slow with the many incoming requests. The application can be accessed remotely, this much traffic
activity in the network makes in a bit slower and sometimes crushes due to these many requests. This is experienced during registration of classes and posting of end-semester examinations.

  • Left Quote Icon

    Student Picture

  • Left Quote Icon

    Student Picture

  • Left Quote Icon

    Student Picture