3 application level firewalls the inherent nature of

Info icon This preview shows pages 3–5. Sign up to view the full content.

View Full Document Right Arrow Icon
3. Application level firewalls: The inherent nature of application level firewalls require that the operating system be as secure as possible due to the close binding of these two components. Thus, the auditor should ensure that the security on the operating system is secure before evaluating the security offered by the application level firewall. 4. Review the policies governing firewall settings. Ensure laptop users are required to use personal firewalls or other similar methods of protection when connecting through the VPN or dial in servers. Change Management 1. Review the change request process for both in-house changes and changes performed by contractors or vendors. 2. Determine if change requests are appropriately approved and supported by documentation. Physical Security: 1. Evaluate security of the network wiring. 2. Evaluate security of the network devices. Business Continuity Planning Is the core network included in the Disaster Recovery Plan (DRP)? Page 3 of 13
Image of page 3

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full Document Right Arrow Icon
UC Core Audit Program Audit Program and Internal Control Questionnaire Network Management Access controls Describe the access control methods used for the various types of network devices (firewall, logging server, routers, switches, etc.) Maintenance 1. Is equipment life tracked? Are hot spares of key equipment maintained? 2. Is maintenance scheduled through the change control process? If not, evaluate. 3. Evaluate any maintenance service contracts. C. Following completion of the general overview steps outlined above, a high-level risk assessment should be performed and documented in a standardized working paper (e.g., a risk and controls matrix). To the extent necessary, as determined by the auditor, this risk assessment may address aspects of other areas outlined below (financial reporting, compliance, operational efficiency and effectiveness; and information systems). In addition to the evaluations conducted in the general objectives section, the risk assessment should consider the following: annual expenditures; time since last review, recent audit findings; organizational change; regulatory requirements, etc. III. Financial (24 hrs) A. The following table summarizes audit objectives and corresponding high-level risks regarding financial network management processes. Audit Objective Areas of Risk Evaluate the adequacy of financial resources, and appropriate financial planning consistent with the objectives of Network Management. Include the following components: Appropriate investment in capital equipment, Appropriate investment in human resources. Appropriate management of contracts Does information technology (IT) governance provide adequate consideration of financial needs Poor systems performance, Inadequate capacity Inefficiency use of resources All other risks Inadequate funding of key positions Budgeting processes may not adequately align resources with key business objectives.
Image of page 4
Image of page 5
This is the end of the preview. Sign up to access the rest of the document.

{[ snackBarMessage ]}

What students are saying

  • Left Quote Icon

    As a current student on this bumpy collegiate pathway, I stumbled upon Course Hero, where I can find study resources for nearly all my courses, get online help from tutors 24/7, and even share my old projects, papers, and lecture notes with other students.

    Student Picture

    Kiran Temple University Fox School of Business ‘17, Course Hero Intern

  • Left Quote Icon

    I cannot even describe how much Course Hero helped me this summer. It’s truly become something I can always rely on and help me. In the end, I was not only able to survive summer classes, but I was able to thrive thanks to Course Hero.

    Student Picture

    Dana University of Pennsylvania ‘17, Course Hero Intern

  • Left Quote Icon

    The ability to access any university’s resources through Course Hero proved invaluable in my case. I was behind on Tulane coursework and actually used UCLA’s materials to help me move forward and get everything together on time.

    Student Picture

    Jill Tulane University ‘16, Course Hero Intern