Being identified and analysed for feasibility in each


ant owner/sponsor prior to making the decision whether to develop or modify a proposed new or modified system project from a designated member of the IT function

• attention is paid to the enterprise data model while solutions are being identified and analysed for feasibility
• in each proposed system development, implementation or modification project, an analysis is prepared and documented of the security threats, potential vulnerabilities and impacts, and the feasible security and internal control safeguards for reducing or eliminating the identified risk
• the costs and benefits of security are carefully examined to guarantee that the costs of controls do not exceed the benefits
• formal management sign-off of the cost/benefit study
• appropriate audit trails and controls are required to be built into all proposed new or modified systems during the design phase of the project
• audit trails and controls provide the possibility to protect the users against discovery and misuse of their identity by other users (e.g., by offering anonymity, pseudonymity, unlinkability or unobservability), without jeopardising the systems security
• each proposed system development, implementation or modification project pay attention to ergonomic issues associated with the introduction of automated systems
• IT management identify all potential system software programmes that will satisfy its operational requirements
• products be reviewed and tested prior to their use and financial settlement

IT Audit Manual Volume III (checklist columns: No., Item, Response: Yes / No / KD; item numbers 119 to 122)

• software product acquisitions follow the organisation's procurement policies setting the framework for the creation of the request for proposal, the selection of the software product supplier and the negotiation of the contract
• for licensed software acquired from third-party providers, the providers have appropriate procedures to validate, protect and maintain the software product's integrity rights
• procurement of contract programming services be justified with a written request for services from a
• an acceptance plan for facilities is agreed upon with the supplier in the contract and this plan defines the acceptance procedures and criteria
• the end products of completed contract programming services be tested and reviewed according to the related standards by the IT quality assurance group and other concerned parties before payment for the work and approval...

This note was uploaded on 10/27/2013 for the course LAW 10-100 taught by Professor Parsons during the One '10 term at Bond College.
