Volume iii 41 it audit manual no item 55 whether dial


ccessful log-on attempts
• Date, time of last access and number of unsuccessful attempts is displayed to authorised user at log-on
• Authentication time is limited to 5 minutes, after which the session is terminated
• User is informed of suspension, but not the reason for it

KD Reference: _______________________________ ___________________________________________

IT Audit Manual Volume III 41

No. Item

55 Whether dial in procedures include dial-back or token based authentication, frequent changes of dial-up numbers, software and hardware firewalls to restrict access to assets and frequent changes of passwords and deactivation of former employees' passwords?

KD Reference: _______________________________ ___________________________________________

Whether location control methods are used to apply additional restrictions at specific locations?

KD Reference: _______________________________ ___________________________________________

Whether access to the VoiceMail service and the PBX system are controlled with the same physical and logical controls as for computer systems?

KD Reference: _______________________________ ___________________________________________

Enforcement of sensitive position policies occurs, including:
• employees in sensitive job positions are required to be away from the organisation for an appropriate period of time every calendar year; during this time their user ID is suspended; and persons replacing the employee are instructed to notify management if any security-related abnormalities are noted
• unannounced rotation of personnel involved in sensitive activities is performed from time to time

KD Reference: _______________________________ ___________________________________________

Whether security-related hardware and software, such as cryptographic modules, are protected against tampering or disclosure, and access is limited to a "need to know" basis?

KD Reference: _______________________________ ___________________________________________

Whether access to security data such as security management, sensitive transaction data, passwords and cryptographic keys is limited to a need to know basis?

KD Reference: _______________________________ ___________________________________________

Whether trusted paths are used to transmit non-encrypted sensitive information?

KD Reference: _______________________________ ___________________________________________

Whether to prevent de...

This note was uploaded on 10/27/2013 for the course LAW 10-100 taught by Professor Parsons during the One '10 term at Bond College.
