Auditing2e ppt15 l03
Compliance
Lesson 3
What Is the Scope of an IT Compliance Audit?
Name
Social Security number
Address
Physical characteristics
E-mail
Examine security policies and procedures
Verify controls that support the policies
Verify implementation and ongoing monitoring of the controls
User Domain
Anyone accessing organization's info
Acceptable use policy (AUP), system access policy, Internet access policy, e-mail policy
Authentication methods
Workstation Domain
End user’s computing environment
Desktops, laptops, printers, scanners, mobile devices, wireless devices
Maintenance of system hardware and software
LAN Domain
Computing and networking equipment
Access to centralized resources (file servers, printers), administration, physical connections
Logon access control, hardening, configuration, backup procedures, network power supply
LAN-to-WAN Domain
WAN connects multiple LANs
Routers, firewalls, intrusion detection devices
Public IP addresses; high level of security required
WAN Domain
End-to-end connectivity between LANs
Routers, firewalls, intrusion detection system, telecommunications components
Channel service unit/data service unit, codecs, backbone circuits, Internet, untrusted zone
System/Application Domain
Systems and software applications that users access
Mainframes, application servers, Web servers, proprietary software, and applications
Harden servers to authorized baseline, configured to policies and standards with controls
Audit preparedness!!
Segregation of duties
Appropriate documentation
Implement approved change
Monitor change