No. 6 ~ 2007
82 Finance - Accountancy
6. conformity; ȱȱ¢ȱ ȱȱ
7. ȱ¢Dz ȱȱȱǯȱȱ¢ȱ¢ȱ
8. £ȱ¢Dz ȱȱȱȱȱȱ
9. ȱȱ ȱ Ȭ ǰȱȱȱȱȱ Ȭ
ment; ȱȱȱȱȱ£Ȃȱ
10.information resources classification ȱǯȱȱȱȱȱȱ
and control. ȱ¢ȱȱȱȱ¢ȱ Ȭ
ȱȱ¢ǰȱǰȱȱȱ Ȭ
In order for the ISO 17799 standard to ȱȱȱ£ǯȱȱȱ¢ȱ¢ȱ
ȱǰȱȱȱ ȱ Ȭ ȱ¢ȱǰȱȱȱ¢ȱȱȱ Ȭ
sary of the BS 7799-2 standard. Its advantage ers to be trained.
¢ȱȱȱȱȱȱ ȱȱȱ informaȬ
tion security management system to be imȬ ȱ ȱȱ¢ȱ¢ȱȱ¡ Ȭ
ȱ¢ȱ¢ȱȱȱ Ȭ ¢ȱ¢ȱȱDZ
ȱDZ £Ȃȱ¢ȱȱ Ȭ
a) defining the information security tivesǰȱ ȱȱȱȱȱȱ
ȱ¢ȱȱȱDz ȱȱȱȱȱ Ȭ
b) ȱȱȱȱȬ ȱ ȱ¡ȱǰȱȱȱ
sary resources; ȱȱǰȱȱȱ Ȭ
c) ȱȱȱȱ Ȭ tegrity or ensuring business continuity;
ment; ȱȱȱȱȱ
d) ȱDz securityǰȱ ȱȱȱȱ¢ȱȱȱ
e) controls selection; ȱǰȱȱȱȱȱ¢ȱ
f) ¢Dz ȱ¢Dz
g) ǯ ȱ ȱ£Ȃȱ Ȭ
ȱȱȱǰȱȱIT Gov- ment in ensuring securityǰȱ¡¢ȱ Ȭ
ernance Instituteȱȱȱȱ ȱ ȱ ȱ ȱȱȱȱ¢ȱ
of ISACAǰȱȱthe best practices for the ǰȱȱ ȱȱȱ¢ȱȱ ȱȱ
ȱȱ¢ȱȱ“COBIT”ȱȱȮȱȃControl ¢ȱȱȱȱȱȱȱȱȬ
Objectives for Information and related Tech- £ȱǯȱ
nology”. COBIT structures the ȱ In order to achieve security objectives
into four areasDZ ȱȱȱȱȱǰȱȱ Ȭ
a) ȱȱ£Dz ¢ȱȱȱȱȱȱ Ȭ
b) ȱȱDz ȱȱǯȱǰȱȱȱȱ
c) ȱȱDz ȱȱ¢ȱ¢ȱ ȱȱȱ Ȭ
d) monitoring and evaluation. ing levelsDZ
ȱ¢ǰȱȱȱȱȱŘŘŖȱ application security, first of all imȬ
ǰȱȱȱřŚȱȱȱ Ȭ ¢ȱȱ¢ȱȱȱ ȱȱ
tives. ȱȱȱȱȱȱȱȱ Ȭ
The security policyǰȱȱȱȱȱ ȱǰȱȱȱ ȱǰȱȱ
¢ȱȱȱȱȱȱ (Secure Sockets Layer) etc.;
ȱȱȱǰȱȱ audit and ȱǰȱ£ȱȱȱ
evaluation toolsȱȱ¡¢ȱȱȱ ȱȱȱ¢ȱȱǰȱ¢ȱȱ
ȱȱȱȱȱ¢ȱ ȱȱ¢ǰȱȱȱDz
ȱ ǰȱ ȱ¢ȱȱ Ȭ standard access.
ȱȱȱȱ¡ȱȱ Ȭ
£ǰȱ¢ȱȱȱ¢ȱȱ Logic access audit implies:
ǰȱȱȱǰȱȱȱ ȱȱ¢ȱȱȬ
ȱǰȱǰȱȱ Ȭ ȱȱDz
ǯȱȱȱȱȱȱ¢ȱȱ evaluating controls regarding system
ȱȱȱȱȱȱ ȱȱ ȱDz
ȱȱȱȱ Ȭ evaluating the control environment in
Ȃȱ¢ǯ ȱȱȱȱ ȱ¡ȱȱȬ
Ȃȱȱȱȱ¢ȱȱȱȬ
2. Information Systems’ sults;
Security Audit ȱȱ¢ȱǰȱ
¢ȱȱȱȱǰȱȱȱ
Information systems’ security audit ǯȱ
ȱȱ ¢ȱȱ and logic ¢ǰȱȱȱȱȱȱȱȬ
access auditǯȱǰȱȱȱ ȱȱȱȂȱ¢ȱȱȱ
must be used (aiming to test the security) ȱǰȱȱȱȱȱȱ
ȱȱǯȱ¢ǰȱ ȱȱȱȱ ȱȱȱȱȬ
phasesȱȱǰȱȱDZ ǯȱȱȱǰȱȱȱȱ
¢£ȱȱ¢ȂȱȱȬ ȱȱ¢ȱȱ researching of the acȬ
ǰȱȱȱDz ȱǰȱȱȱ¡¢ȱȱȱ
¢ȱȱȱ¢ȱȬ ȱ ¢ȱȱȱȱȱ ȱ
cess; ǯȱǰȱȱȱȱȱ¢Ȃȱ
¢ȱȱȱȱDz ǰȱȱȱȱǰȱȱ
ȱȱȱȱȱ most times the ȱȱȱȱȱ .
ȱȱȱ¢ȱDz ¢ȱȱȱȱȱ¢ȂȱȬ
ȱȱȱ ȱȱDz ¢ǰȱȱȱȱ ¢ȱ¢ȱȱȱȱȱ
establishing the data in custody; valuable source for the auditor. C onsequentȬ
establishing the security administrator; ¢ǰȱ auditor is entitled to request an interȬ
ȱ ȱDz ȱ ȱȱǰȱȱ Ȭ
ȱȱ¢ȂȱDz ȱȱ ȱ¡ȱȱȱȱȱ
ȱ£ȱȱ ǰȱȱȱ ȱ¡ȱȱȱ Ȭ
for accessing documents; ¢ȱȱ¢ȱȱȱ ȱȱ
ȱȱ¢ȱǰȱ ȱȱ¢ǯȱǰȱȱȱȱȱ
¢DZȱȱȱ ȱȬ ȱ¢ȱȱȱȱ¢ȱȱ
ǰȱȱ ȱȱȱǰȱȱ ȱȱȱȱȱȱ ǰȱ
ȱȱ¢ȱǰȱȱ ¢ȱȱ ȱ ȱȱ¢ȱȱȱȱ¢ Ȭ
ȱȱȱȱȱǰȱȬ ȱǯ
tion environment. An internet connection ȱȱȱȱȱȱȱ
ȱȱ ȱȱȱ ȱȱȱȱ ȱȱȱ£ȱȱȱ
established by using the logic SSL module ȱ£ȱȱȱȱ Ȭ
(Secure Sockets Layer). SSL is integrated into £ȱ¡ȱȱȱǯȱǰȱ Ȭ
ȱ ȱȱȱ¢ǯȱ ȱȱ ȱȱȱȱȱ Ȭ
ȱȱȱȱ¢ȱȱȱ
ȱȱȱȱȱȱ ȱǯȱ£ȱȱȱ
SET (Secure Electronic Transaction). In this material and financial conditions in order to
ǰȱȱȱȱȂȱȱȱ ȱȱ ȱ ȱǰȱȱ
ȱȱȱ¢ȱȱȱ ȱȱǯ
and it is only then that they are sent to the
ǯȱȱǰȱȱȱȱ ȱȱȱ ȱ¢ǰȱȱ ȱȱȱȱ
identification number and message returning for an information system to be totally secuȬ
ȱȱȱȱȱȱǯȱȱȬ £ǰȱȱȱ ȱ ¢ȱ Ȭ
ǰȱȱȱ ȱǰȱȱȱ ȱ¢ȱȱ¢ȱȂȱȱ
¢ȱȱǰȱȱȱȱȱȱ ǰȱ ȱ¢ȱ ȱȱȱȱȱȱȱ
ȱȱȱȱȱ ȱȱȱȱ ¢ǯȱȱȱȱȂȱǰȱ
ȱȱȱȱȱȱǯȱ ¢ȱ ȱȱȱ¢ȱȱ¢ȱ ȱ¢ȱ
ȱȱȱȱȱȱ ȱȱ ȱȱȱȱȱȱȃ Ȭ
ȱȱȱȱȱȱ ȱȱȱ Ȅǯȱȱǰȱȱ£Ȃȱ Ȭ
be identifiable. ȱ¢ȱȱȱ¡ȱ¢ȱ ȱ
ȱȱ ȱǯȱȱ
Server securitizing ȱȱ¢Ȃȱǰȱȱ Ȭ
£ȱȱȱȱȬ ȱ ȱȱȱȱ ȱ ȱ Ȭ
ling the requests addressed to such and seȬ £ȱȱȱȱǯ
£ȱȱȱ¢ȱȱ ȱ
it collaborates in order to return the service In conclusionǰȱ ȱȱȱȱ¢ȱ
requested by the customers. Grounded on ¢ȱ¢ȱȱȱȱ¡ȱ Ȭ
ȱȱ¢ȱǰȱȱ Ȭ ¢ȱȱ ȱ ȱȱȱȱȱȱ
ȱȱȱ¡ȱȱ¢ȱȱ¢ȱȱ ȱ¢ǯȱǰȱȱ¢ȱȱ
firewall. A firewall configuration is made by ȱȱȱ¢ȱ¢ȱȱȱȬ
the security criteria established for filtering ȱ¢ǰȱȱȱȱ¢ǯȱȱ
ȱȱȱȱȱȱȱ¢ȱ must not be neglected the fact that the securiȬ
ȱȱȱȱ¢ȱǯȱǰȱ ¢ȱȱȱȱȱ¢ȱȱȱ¢ȱ
ȱȱȱȱȱȱȱ ȱ ȱǰȱȱȱȱ ¢ȱȱ¢ȱ
ǰȱȱ ȱȱȱȱȱȱȱȬ ¢ȱȱȱȱ¢ǯȱ
ȱȱ£ȱǯȱ