Security Risk & Audit Made Easy
girish-mehta
8/19/2019 Security Risk&Audit Made easy
Team
CE -> Girish -> IT risk + IT sec + IT audit
finacle (treasure, ib) + finone + crm + hrms
Mandate
An Application Audit should, at a minimum, determine the existence of controls in the following areas:
• Input controls (Data input checked for limits, range checks, permitted values)
• Processing (Processing is complete, accurate and authorized)
• Outputs (Output is integral)
• Logical Security (Access control)
  o Number of allowable unsuccessful log-on attempts
  o Role based access control
  o Super user control
  o Four eye principle for transactions
  o Session time outs
• Audit trails and logs
• Data storage, retrieval and archiving controls
The team can go through the Test Cases for an application and see if the test cases are sufficient to address the control mechanisms. If the team has doubts about their sufficiency, they can carry out a test run themselves.
Audit trails on the applications need to be checked thoroughly and manually in order to ensure accountability of user actions on the application.
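To support that manual review, the following added example (not part of the original document) scans an audit trail for failures of three controls from the list above: the unsuccessful log-on limit, the four eye principle and user accountability. The record layout, the action names and the limit of 3 failed attempts are assumptions made for illustration.

```python
import csv
import io
from collections import defaultdict

MAX_FAILED = 3  # assumed policy limit; the document does not give a number
# Constructed sample trail (not real data): time,user,action,txn_id,result
SAMPLE = """\
09:02:10,alice,TXN_CREATE,T100,OK
09:03:00,bob,TXN_APPROVE,T100,OK
09:05:00,alice,TXN_CREATE,T101,OK
09:05:30,alice,TXN_APPROVE,T101,OK
09:06:00,,TXN_CREATE,T102,OK
09:07:00,carol,LOGIN,,FAIL
09:07:05,carol,LOGIN,,FAIL
09:07:09,carol,LOGIN,,FAIL
09:07:15,carol,LOGIN,,FAIL
09:07:20,carol,LOGIN,,OK
09:10:00,dave,TXN_POST,T103,OK
"""

def audit(text, max_failed=MAX_FAILED):
    """Return (time, finding, subject) tuples for control failures in the trail."""
    findings, maker, approved = [], {}, set()
    fails = defaultdict(int)  # consecutive failed log-ons per user
    for row in csv.reader(io.StringIO(text)):
        if not row:
            continue
        ts, user, action, txn, result = row
        if not user:  # accountability: every action must name a user
            findings.append((ts, "NO_USER", txn or action))
        elif action == "LOGIN" and result == "FAIL":
            fails[user] += 1
            if fails[user] == max_failed + 1:  # attempt past the limit was still processed
                findings.append((ts, "NO_LOCKOUT", user))
        elif action == "LOGIN":
            fails[user] = 0  # successful log-on resets the counter
        elif action == "TXN_CREATE":
            maker[txn] = user
        elif action == "TXN_APPROVE":
            if maker.get(txn) == user:  # four eye principle: maker must differ from checker
                findings.append((ts, "SELF_APPROVED", txn))
            else:
                approved.add(txn)
        elif action == "TXN_POST" and txn not in approved:
            findings.append((ts, "UNAPPROVED_POST", txn))
    return findings

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

Each finding is a lead for the auditor to trace back in the application, not a conclusion on its own.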