Iii yes response no kd 42 it audit manual no item 63

Info iconThis preview shows page 1. Sign up to view the full content.

View Full Document Right Arrow Icon
This is the end of the preview. Sign up to access the rest of the document.

Unformatted text preview: nial of service due to an attack with junk faxes, protective measures are taken such as: • limiting the disclosure of fax numbers outside the organisation to a "need-to-know" basis • fax lines used for solicitation of business are not used for other purposes KD Reference: _______________________________ ___________________________________________ 56 57 58 59 60 61 62 IT Audit Manual Volume III Yes Response No KD 42 IT Audit Manual No. Item 63 Whether preventative and detective control measures have been established by management with respect to computer viruses? KD Reference: _______________________________ ___________________________________________ Whether to enforce integrity of electronic value, measures are taken such as: • card reader facilities are protected against destruction, disclosure or modification of the card information • card information (PIN and other information) is protected against insider disclosure • counterfeiting of cards is prevented KD Reference: _______________________________ ___________________________________________ Whether to enforce protection of security features, measures are taken such as: • the identification and authentication process is required to be repeated after a specified period of inactivity • a one-button lock-up system, a force button or a shut-off sequence can be activated when the terminal is left alone KD Reference: _______________________________ _ Identify and allocate costs Whether IT function has a group responsible for reporting and issuing chargeback bills to users Procedures are in place that: • develop a yearly development and maintenance plan with user identification of priorities for development, maintenance and operational expenses • allow for a very high level of user determination of where IT resources are spent • generate a yearly IT budget including: Compliance to organisational requirements in budget preparation Consistency with what costs are to be allocated by the user departments Communication of historical costs, assumptions for new costs- for understanding by users of what costs are included in chargeback 64 65 66 IT Audit Manual Volume III Yes Response No KD 43 IT Audit Manual No. 67 68 69 70 71 Item Yes Response No KD User sign-off on all budget costs to be allocated by IT function Frequency of reporting and actual charging of costs to users • track allocated costs of all IT resources of, but not limited to: Operational hardware Peripheral equi...
View Full Document

This note was uploaded on 10/27/2013 for the course LAW 10-100 taught by Professor Parsons during the One '10 term at Bond College.

Ask a homework question - tutors are online