AUDITING INFORMATION SYSTEMS SECURITY
• AUDIT OF LOGICAL ACCESS
• USE OF TECHNIQUES FOR TESTING SECURITY
• USE OF INVESTIGATION TECHNIQUES
• Information security management framework
• Auditing logical access
• Auditing network infrastructure security
• Auditing environmental exposures & controls
• Auditing physical access
Information security management framework
• The IS Auditor must review:
– Written policies, procedures, standards
– Logical access security policies
– Formal Security awareness & training
– Segregation of duties
– Security regarding new IT users
– Access standards
– Terminated employee access - policy
AUDITING LOGICAL ACCESS
• General understanding of security risks
• Document and evaluate controls over access paths
• Test controls over access paths
• Evaluate access control environment
• Testing security
• Review access controls and password administration
Auditing network infrastructure security
• Review Network diagrams
• Identify network design implemented
• Determine applicable security policies, standards etc.
• Review network administrator procedures
• Assess remote access points of entry & dial-up access controls
Auditing Environmental exposures and controls
• Water and smoke detectors
• Fire extinguishers
• Fire suppression systems
• Fireproof walls, floors etc.
• Electrical Surge Protectors
• Fully documented & Tested BCP
AUDITING PHYSICAL ACCESS
• Touring the Information Processing Facility
• Test the physical safeguards – by observation
• Test other locations such as location of Operator consoles, printer rooms etc.
• Evaluate paths of physical entry