UNPAD03 - IT Environment2 v1



Transcript of UNPAD03 - IT Environment2 v1

  • 7/24/2019 UNPAD03 - IT Environment2 v1

    1/64

Technology and Security Risk Services

3 Oct 2005

Session 3

IT Environment (2)

for Universitas Padjadjaran Accounting Department

IT Audit S1 Regular Class

by Isnaeni Achdiat, CISA, CIA, CISM and Shinta Marina, 1 October 2005


    2/64

IS Audit Syllabus

No  Subject Name                              Date
1   Introduction of IS Audit                  17-Sep-05
2   IT Environment (1)                        24-Sep-05
3   IT Environment (2)                        1-Oct-05
4   IT Processes                              8-Oct-05
5   General Computer Control Review (1)       15-Oct-05
6   General Computer Control Review (2)       22-Oct-05
7   General Computer Control Case Study       29-Oct-05
8   Mid-semester Exam                         12-Nov-05
9   Application Control Review (1)            19-Nov-05
10  Application Control Review (2)            26-Nov-05
11  Application Control Case Study            3-Dec-05
12  IT Sarbanes-Oxley and IT Governance       10-Dec-05
13  IT Security and Data Analysis Approach    17-Dec-05
14  IT Risk Management & ERP Systems          24-Dec-05
15  Final Exam                                TBA


    3/64


Agenda

- Operating Systems
- Application Software
- Database and DBMS
- Data Center
- Network & telecommunication infrastructure
- Internet & Firewalls


    4/64

Session 3 Objectives

- Gain an understanding of the importance and role of IT for the business
- Understand the IT organization and its requirements
- Introduce the students to:
  - the concepts of operating systems, databases, applications and data centers,
  - the risks and controls associated with them, and
  - the basic audit/review aspects and considerations of the above concepts.


    5/64

Operating Systems


    6/64

Operating Systems

- Operating system tasks
- Major operating systems
- Operating system software risks and controls
- Operating system review/audit techniques
- Operating system audit tools


    7/64

Operating Systems

Operating system tasks

- Permits users to share hardware and data
- Schedules resources among users
- Informs users of any errors that occur with the processor, I/O or programs
- Recovery from system errors
- Communication between the O/S and application programs: allocating memory to processes and making the memory available again upon completion of a process
- System file and system accounting management


    8/64

Operating Systems

Major operating systems

- Mainframe: MVS, Unisys, etc.
- Midrange/minicomputers: OS/400, VMS, Unix, SunOS, etc.
- Microcomputers: Unix, Windows NT, Windows 2000, Novell NetWare, OS/2, MacOS, DOS, Linux


    9/64

Operating Systems

Risks and Controls

Risk: Unauthorized access
Controls: Strong security management (including management of user rights and password controls); separation of duties

Risk: Poor logging and audit trails
Controls: Auditors' involvement in the requirements and design phase; periodic review of logs

Risk: Incompatibility with applications
Controls: Change management


    10/64

Operating Systems

Review/audit techniques

- System software selection procedures: address the IS and business plan, meet control requirements, feasibility study, cost-benefit analysis
- Installation controls: written plan for installation, documentation, identification before being placed into production
- Maintenance activities
- Change controls for system software: access limitation to the library; changes are documented and tested
- Systems documentation
- Licensing: protects against the possibility of penalties and from public embarrassment
- Security parameters (special functions, passwords)
- Audit and logging
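The "security parameters (passwords)" and "audit and logging" items above are where an operating-system review actually reads system files. The following Python script is an added example, not part of the course material: it reviews constructed /etc/passwd and /etc/shadow lines for the account weaknesses such a review looks for (more than one UID 0 account, empty password fields, passwords that never expire, service accounts with an interactive shell). The 90-day maximum password age and the UID 1000 boundary for service accounts are assumed policy values, and the password hashes are placeholders.

```python
# Added example, not from the course slides: an operating-system account review
# over constructed /etc/passwd and /etc/shadow lines. The policy thresholds
# below are assumptions, not values from the course.
MAX_PASSWORD_AGE_DAYS = 90     # assumed policy: passwords must expire within 90 days
SYSTEM_UID_CEILING = 1000      # assumed: UIDs below this are service accounts
INTERACTIVE_SHELLS = {"/bin/sh", "/bin/bash", "/bin/ksh", "/bin/csh", "/bin/zsh"}

# Constructed sample data (the hash fields are placeholders, not real hashes).
PASSWD_SAMPLE = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
backup:x:34:34:backup:/var/backups:/bin/bash
toor:x:0:0:second root:/root:/bin/sh
alice:x:1001:1001:Alice:/home/alice:/bin/bash
bob:x:1002:1002:Bob:/home/bob:/bin/bash
"""

SHADOW_SAMPLE = """\
root:$6$salt$hash:19500:0:99999:7:::
daemon:*:19500:0:99999:7:::
backup:*:19500:0:99999:7:::
toor:$6$salt$hash:19500:0:99999:7:::
alice:$6$salt$hash:19500:0:60:7:::
bob::19500:0:99999:7:::
"""


def parse_passwd(text):
    """Map user name -> (uid, login shell) from /etc/passwd lines."""
    entries = {}
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        name, _pw, uid, _gid, _gecos, _home, shell = line.split(":")
        entries[name] = (int(uid), shell)
    return entries


def parse_shadow(text):
    """Map user name -> (password hash field, maximum age in days or None)."""
    entries = {}
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        name, pw_hash, _last, _min_age, max_age = line.split(":")[:5]
        entries[name] = (pw_hash, int(max_age) if max_age else None)
    return entries


def review_accounts(passwd_text, shadow_text):
    """Return one finding per weakness; an empty list means a clean review."""
    findings = []
    passwd = parse_passwd(passwd_text)
    shadow = parse_shadow(shadow_text)

    # More than one account with UID 0 means more than one superuser identity.
    superusers = sorted(n for n, (uid, _) in passwd.items() if uid == 0)
    if len(superusers) > 1:
        findings.append("multiple UID 0 accounts: " + ", ".join(superusers))

    for name, (uid, shell) in passwd.items():
        if name not in shadow:
            findings.append(f"{name}: no shadow entry")
            continue
        pw_hash, max_age = shadow[name]
        locked = pw_hash.startswith(("*", "!"))   # conventional "no login" markers
        if pw_hash == "":
            findings.append(f"{name}: empty password field (login without a password)")
        if not locked and (max_age is None or max_age > MAX_PASSWORD_AGE_DAYS):
            findings.append(f"{name}: password never expires or max age exceeds {MAX_PASSWORD_AGE_DAYS} days")
        if 0 < uid < SYSTEM_UID_CEILING and shell in INTERACTIVE_SHELLS:
            findings.append(f"{name}: service account (uid {uid}) has interactive shell {shell}")
    return findings


if __name__ == "__main__":
    for finding in review_accounts(PASSWD_SAMPLE, SHADOW_SAMPLE):
        print(finding)
```

On the sample data the script reports the second UID 0 account (toor), the empty password on bob, the non-expiring passwords on root, toor and bob, and the interactive shell on the backup service account; daemon and alice pass. On a real host the same checks are run against the live files, and the thresholds come from the organization's password policy.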


    11/64

Operating Systems

O/S audit tools

- AS/400: PentaSafe
- Windows NT: Systems Scanner, Kane Security Analyst (KSA), NMAP for NT, Retina, BindView
- UNIX: COPS (Computer Oracle and Password System), Tripwire, NMAP, PC-Unix Audit


    12/64

Application Software


    13/64

What is Application Software?

Software that is designed and created to perform a specific personal, business or scientific processing task, such as word processing, an interactive game, a business application, etc.


    14/64

Categories of software

- In-house developed application
- Integrated application (e.g. ERP systems: SAP, JDE, PeopleSoft, Oracle, etc.)
- Package application (e.g. ACCPAC, Picador, etc.)


    15/64

Database and DBMS


    16/64

Database & DBMS

- What a database is
- Database structure
- Data management
- Database Management Systems (DBMS)
- Risks and controls over databases
- Database audit/review considerations
- Sample of an ORACLE database review


    17/64

Database & DBMS

What a database is

A collection of information organized in such a way that a computer program can quickly select desired pieces of data.

Organized by:
- Fields
- Records
- Files


    18/64

Database & DBMS

Database structure

- Hierarchical database model: data is organized as a tree structure of parents and children; a child cannot have more than one parent. Ex. IBM's IMS (Information Management System)
- Network database model: data is related through sets, allowing reverse pointers. Ex. CA's IDMS
- Relational database model: unlike the hierarchical and network models, an RDBMS separates application and data; information is modelled in tables (columns and rows). Ex. IBM's DB2, Oracle, Sybase, MS Access, Paradox, dBASE
- Object-oriented database: simplifies programming, flexible, deals with a variety of data types. Ex. Objectivity/DB, IBM San Francisco, ONTOS DB, ObjectStore


    19/64

Database & DBMS

Database structure example (diagram not reproduced in the transcript)


    20/64

Database & DBMS

Data management

Data management is the process that controls data buffering, performs I/O operations and deals with file management activities.

Data management file organization:
- Sequential
- Indexed sequential
- Direct (random) access


    21/64

Database & DBMS

Database Management Systems

DBMSs are software that organize, control and use the data required by application programs (they act as an interface between the two).

Purpose:
- To manage data
- Relieves the application of file handling
- Maintains the integrity of data
- Ensures that the data is available to multiple applications
- Provides access control and security over data


    22/64

Database & DBMS

Risks and Controls

Risk: Confidentiality
Controls: Access control mechanism; data ownership assignment

Risk: Integrity (incl. alteration)
Controls: Referential integrity check; logging; change management

Risk: Availability
Controls: Backup and recovery procedure


    23/64

Database & DBMS

Review/audit considerations

- Security (protection from unauthorized access)
  - Users can only access authorized data (by logon ID, password and access control)
  - Programs can only access the data required to complete a transaction (by schema or subschema)
- Integrity (protection from accidental or erroneous destruction of data)
  - How the DBMS handles concurrent updates
- DBMS maintenance (including fixing and testing)
  - Functions performed by the DBA
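To make the "referential integrity check" and "logging" controls from the Risks and Controls slide concrete, here is an added Python example. It is not from the course, and it uses SQLite rather than the Oracle review the course refers to: the same orphan-invoice insert is accepted when foreign-key enforcement is off (SQLite's default setting) and rejected when it is on, the auditor's orphan query finds the bad record in the weak database, and a trigger keeps an audit trail of amount changes that no application path can bypass. The table names and values are constructed; concurrent-update handling is not shown.

```python
# Added example, not from the course slides: referential-integrity and logging
# controls exercised on an in-memory SQLite database (SQLite is assumed here;
# the course refers to an Oracle review). Table names and values are constructed.
import sqlite3

SCHEMA = """
CREATE TABLE customers (
    customer_id INTEGER PRIMARY KEY,
    name        TEXT NOT NULL
);
CREATE TABLE invoices (
    invoice_id  INTEGER PRIMARY KEY,
    customer_id INTEGER NOT NULL REFERENCES customers(customer_id),
    amount      REAL NOT NULL
);
-- logging control: an audit trail of amount changes, written by a trigger so
-- that no application path can change an invoice without leaving a record
CREATE TABLE invoice_audit (
    audit_id   INTEGER PRIMARY KEY AUTOINCREMENT,
    invoice_id INTEGER NOT NULL,
    old_amount REAL,
    new_amount REAL,
    changed_at TEXT NOT NULL DEFAULT CURRENT_TIMESTAMP
);
CREATE TRIGGER invoices_amount_audit AFTER UPDATE OF amount ON invoices
BEGIN
    INSERT INTO invoice_audit (invoice_id, old_amount, new_amount)
    VALUES (OLD.invoice_id, OLD.amount, NEW.amount);
END;
"""


def open_db(enforce_fk):
    """Open a fresh database; foreign-key enforcement is OFF by default in SQLite."""
    con = sqlite3.connect(":memory:")
    con.execute("PRAGMA foreign_keys = " + ("ON" if enforce_fk else "OFF"))
    con.executescript(SCHEMA)
    con.execute("INSERT INTO customers (customer_id, name) VALUES (1, 'Acme')")
    con.commit()
    return con


def insert_orphan(con):
    """Post an invoice for a customer that does not exist; True if the DBMS accepted it."""
    try:
        con.execute("INSERT INTO invoices (customer_id, amount) VALUES (999, 10.0)")
        con.commit()
        return True
    except sqlite3.IntegrityError:
        con.rollback()
        return False


def find_orphans(con):
    """The auditor's referential integrity check: invoices whose customer is missing."""
    rows = con.execute(
        "SELECT i.invoice_id FROM invoices i "
        "LEFT JOIN customers c ON c.customer_id = i.customer_id "
        "WHERE c.customer_id IS NULL"
    ).fetchall()
    return [r[0] for r in rows]


def audit_trail(con):
    """Rows the trigger wrote: (invoice_id, old_amount, new_amount)."""
    return con.execute(
        "SELECT invoice_id, old_amount, new_amount FROM invoice_audit"
    ).fetchall()


def demo():
    weak = open_db(enforce_fk=False)
    accepted_weak = insert_orphan(weak)      # True: the orphan is stored silently
    orphans_weak = find_orphans(weak)        # [1]: only the review query reveals it

    strong = open_db(enforce_fk=True)
    accepted_strong = insert_orphan(strong)  # False: IntegrityError, rolled back
    orphans_strong = find_orphans(strong)    # []
    strong.execute("INSERT INTO invoices (customer_id, amount) VALUES (1, 100.0)")
    strong.execute("UPDATE invoices SET amount = 250.0 WHERE invoice_id = 1")
    strong.commit()
    return accepted_weak, orphans_weak, accepted_strong, orphans_strong, audit_trail(strong)


if __name__ == "__main__":
    print(demo())
```

The point for a reviewer is the weak database: nothing in the application noticed the bad insert, so the orphan query is the control that detects what the DBMS setting failed to prevent. Checking that the enforcement setting is on, and running the orphan query anyway, are both part of the integrity review.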


    24/64

Data Center


    25/64

Data Center

A data center is the business of providing a physical location as well as the applicable IT services (e.g. bandwidth to the Internet, facilities management, hardware/software, IT services, etc.) to run computer applications (e.g. website, e-mail, trading systems, etc.) at a site that is generally remote from the corporate or individual's own premises. The eventual goal is to fully outsource corporate IT requirements, leveraging economies of scale at price points and service levels that are difficult to achieve in-house.



    31/64

Discussion (Tugas Kelompok: group assignment)

What are the risks associated with a Data Center, and what controls can mitigate those risks?


    32/64

Network & telecommunication infrastructure


    33/64

Network & telecommunication infrastructure

- Network eras
- Network architecture
- Data communication
- Network protocols
- Transmission media
- Local area networks and wide area networks
- Risks and controls
- Audit and evaluation techniques


    34/64

Network infrastructure

Network eras

- ERA 1: Mainframe networks (1965 - 1975)
- ERA 2: Minicomputer networks (1975 - 1985)
- ERA 3: Shared-bandwidth LANs (1985 - 1995)
- ERA 4: Switched LANs (1995 - )


    35/64

Network eras

Mainframe networks

- Groups of terminals attached to cluster controllers
- Controllers were connected to the front-end processor through point-to-point cables (for local connections) or leased telephone lines (for remote connections)


    36/64

Network eras

Minicomputer networks

- Terminals connected directly to a port on the mini
- Statistical multiplexers provided wide-area line sharing and error protection
- Data PBXs were central to many networks, allowing terminal users to select computers and contend for expensive computer ports


    37/64

Network eras

Shared-bandwidth LANs

- LAN-based network operating systems emerged
- Shared bandwidth: PCs and other devices were attached to a single Ethernet segment or a single token ring


    38/64

Network eras

Switched LANs

Driven by:
- The rapid growth in the power of PCs (servers), which can handle throughput rates significantly higher than Ethernet or token ring provides
- Data representation through images rather than text
- The emergence of the World Wide Web, document imaging, medical radiology, CAD, video training and pre-press editing (all of which require large amounts of bandwidth)


    39/64

Network architecture

- Bus configuration
- Ring configuration
- Star configuration
- Mesh configuration


    40/64

Network architecture

Bus configuration

Advantages:
- Reliable in very small networks
- Easy to use and understand
- Requires less cable, so less expensive
- Easy to extend; a repeater can be used to extend the configuration

Disadvantages:
- Heavy network traffic can slow performance
- Each connection between two cables weakens the electrical signal
- Difficult to locate network errors; difficult to troubleshoot


    41/64

Network architecture

Ring configuration

Advantages:
- Every computer is given equal access, since a token is passed around the ring indicating authorization to transmit
- The network degrades gracefully

Disadvantages:
- Failure of one computer in the network can affect the whole network
- Difficult to troubleshoot
- Adding or removing computers can disrupt the network


    42/64

Network architecture

Star configuration

Advantages:
- Easy to modify and add new computers
- The center of the star is a good place to diagnose network problems
- Single computer failures do not bring down the network
- Several cable types can be used in the configuration

Disadvantages:
- If the central hub fails, the whole network ceases to function
- Requires a device at the center to rebroadcast or switch network traffic
- More cable is required than in a bus configuration


    43/64

Network architecture

Mesh configuration

Advantages:
- Fault tolerant
- Easy to diagnose problems
- Guaranteed channel capacity

Disadvantages:
- Difficult to install and reconfigure, since there is a connection with every machine on the network
- High cost of installation


    44/64

Telecommunication infrastructure

Data communication

Simply put, it involves the transmission of speech and/or data between two connected devices.

Data communications describes the use of protocols (rules) and specific equipment to coordinate and facilitate the successful transmission and receipt of data between source and destination.


    45/64

Telecommunication infrastructure

Network protocols

Protocols are the set of rules for the packaging and transmission of data.

Examples:
- Transmission Control Protocol/Internet Protocol (TCP/IP)
- Virtual Telecommunications Access Method (VTAM)
- IPX/SPX
- AppleTalk
- PPP (Point-to-Point Protocol)
- X.25


    46/64

Telecommunication infrastructure

Transmission media

- Copper (twisted pair) circuits
- Coaxial cables
- Fiber optic systems
- Radio systems
- Microwave radio systems
- Satellite radio link systems


    47/64

Telecommunication infrastructure

LANs and WANs

LANs:
- Within buildings or departments
- Digital signals used
- Computer-to-computer transmission
- Use high-quality cables

WANs:
- Spread over multiple sites
- Require the use of special communications hardware
- May use public long-distance communications links
- Tend to be more complex than LANs


    48/64

Network Risks and Controls

Risk: Unauthorized access (incl. tapping)
Controls: Encryption; access controls

Risk: Performance degradation
Controls: Performance monitoring; response time reports; downtime reports; online monitors (echo checking); help desk reports

Risk: Remote access & dial-up
Controls: Call-back facility

Risk: Viruses, trojans
Controls: Anti-virus with forced updates; clear policy

Astalavista.box.sk


    49/64

Audit and Evaluation Techniques

LAN review

- Physical security: observe the LAN and transmission wiring closet and the server location; test access keys
- Environmental controls: surge protector, air conditioning, humidity, power supply, backup media protection, fire extinguisher
- Logical security: interview the LAN administrator, penetration test, search for written-down passwords, test the log-off period, review dial-up connections


    50/64

Internet


    51/64

- What is the Internet?
- Why use the Internet?
- The risks of the Internet
- How to control Internet use
- What is a firewall?
- How a firewall works
- What a firewall can do
- What a firewall can't do

52/64

What is the Internet?

- The world's largest computer network
- Based on the TCP/IP protocol suite
- Links universities, governments, companies, etc.
- Large international presence: more than 170 countries

53/64

Why Use the Internet?

Provides cost-effective communication for:
- eCommerce
- Electronic mail (SMTP)
- Remote terminal access (Telnet)
- File transfer (FTP)
- A good information source: World Wide Web access (HTTP)

54/64

The Risks of the Internet

- Perhaps the biggest risk: you don't know who is out there!
- Because the Internet is so convenient to use, security implications are often overlooked
- Possible network backdoor connections open to hackers
- Viruses from downloaded software (e.g. screensavers)
- Disclosure of sensitive information (e.g. credit card numbers)

55/64

How to Control Internet Use?

- Develop policies to define acceptable usage:
  - Personal use
  - Business use (encrypting messages to business partners)
- Educate users on Internet risks
- Use of firewalls

56/64

What is a Firewall?

- A firewall is a combination of hardware and software that enforces an existing network access policy
- It prevents unauthorized traffic in and out of a secure network
- It restricts people to entering at a carefully controlled point
- It prevents attackers from getting close to other network security defenses

57/64

How a Firewall Works

    [Diagram: Mainframe/Legacy Systems and the Local Area Network sit behind the Firewall Gateway; the Internet and Wide Area Network reach them only through it; rejected external traffic is dropped at the firewall.]


    What can a Firewall Do?


    A firewall is a focus for security decisions. Think of a firewall as a choke point. All traffic in and out must pass through this single checkpoint, or Gateway.

    A firewall can enforce security policy. Many of the services that people want from the Internet are inherently insecure. A firewall acts as the traffic cop for these services.


    What can a Firewall Do? (Contd)


    A firewall can effectively log Internet activity. Because all traffic passes through the firewall gateway, it is a good place to collect information about system and network use .... AND misuse.

    A firewall reduces external network exposure. It can also be used to keep sections of a network separate from other sections.

    e.g. Preventing certain employees attaching documents to e-mails


    What can't a Firewall Do?


    A firewall can't protect you against malicious insiders. If the fox is inside the hen house, a firewall can do nothing for you.

    A firewall can't protect you against connections that don't go through it. There is nothing it can do for traffic that does not pass through it.


    What can't a Firewall Do? (Contd)


    A firewall can't completely protect against new threats. A firewall can only protect against known threats. You can't set up a firewall once and expect it to protect you forever.

    A firewall can't protect against viruses, as these are typically spread within documents and other content carried over traffic the firewall has been configured to allow.
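    The firewall slides above (choke point, policy enforcement, logging, segmentation, and the limit that a packet filter never looks inside a document) can be seen together in a small simulation. The following is an added example written for this page, not code from the lecture or from any firewall product; the networks, hosts, rule names and sample flows are constructed for illustration, and the filter is deliberately stateless so that it models a plain packet filter.

```python
"""Toy stateless packet filter illustrating the firewall slides.

Added example for this page, not the lecture's own code. All networks,
hosts, rule names and sample flows below are constructed for illustration.
"""
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    name: str
    action: str            # "allow" or "deny"
    proto: str             # "tcp", "udp" or "any"
    src: str               # CIDR; "0.0.0.0/0" means any source
    dst: str               # CIDR; "0.0.0.0/0" means any destination
    dport: Optional[int]   # None means any destination port


@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    dst: str
    dport: int
    payload: bytes = b""   # never examined by the filter (see decide)


@dataclass
class Firewall:
    """The single choke point: every flow is judged here and logged here."""
    rules: List[Rule]
    log: List[str] = field(default_factory=list)

    @staticmethod
    def _matches(r: Rule, p: Packet) -> bool:
        return ((r.proto == "any" or r.proto == p.proto)
                and ip_address(p.src) in ip_network(r.src)
                and ip_address(p.dst) in ip_network(r.dst)
                and (r.dport is None or r.dport == p.dport))

    def decide(self, p: Packet) -> str:
        """First matching rule wins; a flow matching no rule is denied.

        Only headers (protocol, addresses, port) are consulted. A document
        with a hostile macro riding on an allowed SMTP or HTTP flow goes
        straight through: this is the "can't protect against viruses" point.
        """
        for r in self.rules:
            if self._matches(r, p):
                self.log.append(f"{r.action.upper()} {r.name} {p.proto} {p.src}->{p.dst}:{p.dport}")
                return r.action
        self.log.append(f"DENY default {p.proto} {p.src}->{p.dst}:{p.dport}")
        return "deny"

    def rejected_by_source(self) -> Dict[str, int]:
        """Because everything passes the choke point, the log is a natural
        place to look for misuse: count rejected flows per source address."""
        counts: Dict[str, int] = {}
        for line in self.log:
            if line.startswith("DENY"):
                src = line.split()[3].split("->")[0]
                counts[src] = counts.get(src, 0) + 1
        return counts


# Constructed network: LAN 10.0.0.0/24, DMZ 10.0.1.0/24 (web 10.0.1.10,
# mail 10.0.1.25), legacy/mainframe segment 10.0.2.0/24. Rule order matters.
POLICY: List[Rule] = [
    Rule("inbound-https-to-dmz-web", "allow", "tcp", "0.0.0.0/0",   "10.0.1.10/32", 443),
    Rule("inbound-smtp-to-dmz-mail", "allow", "tcp", "0.0.0.0/0",   "10.0.1.25/32", 25),
    Rule("dmz-isolated-from-legacy", "deny",  "any", "10.0.1.0/24", "10.0.2.0/24",  None),
    Rule("lan-outbound-https",       "allow", "tcp", "10.0.0.0/24", "0.0.0.0/0",    443),
    Rule("lan-outbound-http",        "allow", "tcp", "10.0.0.0/24", "0.0.0.0/0",    80),
]


def run_demo() -> Tuple[Firewall, Dict[str, str]]:
    """Push constructed sample flows through the policy and return decisions."""
    fw = Firewall(POLICY)
    traffic = {
        "internet->dmz web https":   Packet("tcp", "198.51.100.7", "10.0.1.10", 443),
        "internet->lan smb":         Packet("tcp", "198.51.100.7", "10.0.0.5", 445),
        "dmz web->legacy telnet":    Packet("tcp", "10.0.1.10", "10.0.2.1", 23),
        "lan->internet https":       Packet("tcp", "10.0.0.5", "93.184.216.34", 443),
        "internet->mail smtp (doc)": Packet("tcp", "203.0.113.9", "10.0.1.25", 25,
                                            b"invoice.doc with an AutoOpen macro (constructed)"),
    }
    decisions = {label: fw.decide(p) for label, p in traffic.items()}
    return fw, decisions


if __name__ == "__main__":
    fw, decisions = run_demo()
    for label, d in decisions.items():
        print(f"{d:5}  {label}")
    print("rejected per source:", fw.rejected_by_source())
```

    Two of the slide's limits fall out of the model directly: the SMTP flow carrying the macro document is allowed because only its headers are checked, and a LAN host with its own modem or wireless link never produces a Packet for decide() at all, so the firewall neither blocks nor logs it.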


    Summary


    The hardware, systems software, communication lines, networks, Internet and Data Center are all organizational assets that should be properly controlled and managed by management.

    Today's auditors should be familiar with, and be prepared to deal with, the rapid developments in IT (hardware, OS, communication, networks, Internet and Data Center) and their risks.

    IS Auditors' tasks:

    Review the existing controls available

    Test compliance with them

    Recommend adequate controls


    Question and Answer


    Thank You