

IT Audit Manual Volume III

Checklist columns: No. | Item | Response (Yes / No) | KD

Whether cryptographic key management standards exist for both centralised and user activity?
KD Reference: _______________________________

Whether change control over security software is formal and consistent with normal standards of system development and maintenance?
KD Reference: _______________________________

Whether the authentication mechanisms in use provide one or more of the following features:
• single-use of authentication data (e.g., passwords are never re-usable)
• multiple authentication (i.e., two or more different authentication mechanisms are used)
• policy-based authentication (i.e., ability to specify separate authentication procedures for specific events)
• on-demand authentication (i.e., ability to reauthenticate the user at times after the initial authentication)
KD Reference: _______________________________

Whether the number of concurrent sessions belonging to the same user is limited?
KD Reference: _______________________________

Whether, at log-on, an advisory warning message is displayed to users regarding the appropriate use of the hardware, software or connection logged on?
KD Reference: _______________________________

Whether a warning screen is displayed prior to completing log-on to inform the reader that unauthorised access may result in prosecution?
KD Reference: _______________________________

Whether, upon successful session establishment, a history of successful and unsuccessful attempts to access the user's account is displayed to the user?
KD Reference: _______________________________

Whether password policy includes:
• initial password change on first use enforced
• an appropriate minimum password length
• an appropriate and enforced frequency of password changes
• password checking against list of not allowed values (e.g., dictionary checking)
• adequate protection of emergency passwords
KD Reference: _______________________________

Whether formal problem resolution procedures include:
• User ID is suspended after 5 repeated unsu...

This note was uploaded on 10/27/2013 for the course LAW 10-100 taught by Professor Parsons during the One '10 term at Bond College.
