The audit plan outlines seven areas to review in 2011, including the effectiveness of the internet perimeter controls like firewall rules and logs, the configuration of the web proxy server and blocking mechanisms, reviewing the disaster recovery plan and objectives, intranet perimeter controls and firewall segregation, bandwidth utilization efficiency within and between offices, security incident handling procedures, and ensuring human safety concerning electrical, connectivity, cleanliness and physical hazards in workstation and server rooms across districts and headquarters.
Copyright:
Attribution Non-Commercial (BY-NC)
1. Review of Internet perimeter control
   a. Evaluate effectiveness of firewall rules
   b. Check if audit trail is enabled
   c. Check if periodic review is conducted on audit trail
   d. Review firewall logs to identify other points of entry/exit
   e. Review maintenance & support agreement
2. Review of web proxy server
   a. Identify blocking mechanism
   b. Review of logs to check effectiveness
   c. Review of policies
   d. Review maintenance & support agreement
3. Review of Disaster Recovery Plan Readiness
   a. Application under DRP
   b. Recovery Time Objective
   c. Recovery Point Objective
4. Review of Intranet perimeter control
   a. Ensure basic segregation of internal network
   b. Evaluate effectiveness of firewall rules in segregated network
5. Review of bandwidth management
   a. Review of bandwidth utilization efficiency
      i. Within HQ
      ii. Between District & HQ
      iii. Inter district
6. Review of Security Incident Handling
   a. Review SOP in place
   b. Review past incidents
7. Review of human safety in computing environment at
   a. District & HQ
      i. Workstation
      ii. Server Room
   b. Area of concern
      i. Electrical leakage
      ii. Improper connection
      iii. Dust hazard
      iv. Sharp objects