Kd reference item it


IT Audit Manual Volume III

Columns: Item, Response (Yes / No), KD

ding centralised direction and control over information system security, along with user security requirements for consistency?
KD Reference: __________________________________________________________________________

Whether centralised security organisation is in place responsible for ensuring only appropriate access to system resources?
KD Reference: __________________________________________________________________________

Whether data classification schema is in place and being used, that all system resources have an owner responsible for security and content?
KD Reference: __________________________________________________________________________

Whether user security profiles are in place representing "least access as required" and profiles are regularly reviewed by management for re-accreditation?
KD Reference: __________________________________________________________________________

Whether employee indoctrination includes security awareness, ownership responsibility and virus protection requirements?
KD Reference: __________________________________________________________________________

Whether reporting exists for security breaches and formal problem resolution procedures are in place, and these reports include:
• unauthorised attempts to access system (sign on)
• unauthorised attempts to access system resources
• unauthorised attempts to view or change security definitions and rules
• resource access privileges by user ID
• authorised security definitions and rule changes
• authorised access to resources (selected by user or resource)
• status change of the system security
• accesses to operating system security parameter tables
KD Reference: __________________________________________________________________________

Whether cryptographic modules and key maintenance procedures exist, are administered centrally and are used for all external access and transmission activity?
KD Reference: ____________________________...