Evaluate the impact on auditors if operating systems and networks are determined to lack adequate security controls. Suggest at least two controls that should be implemented to reduce the risk to data integrity and explain your answer.
Operating systems are the brains of a computer’s control program. The operating system is responsible for translating high level languages into machine language. Operating systems allocate resources to end users, applications and other devices. Operating systems also manage tasks such as job scheduling and processing.
It is critical to test operating system controls in an audit. Should an operating system be compromised, that compromise could result in the failure of internal controls, thereby potentially causing system security to be breached. In order to effectively audit the operating system integrity control, the auditor will examine the following:Access privileges, Password Control, Protection from malicious & destructive program - viruses and malware.
Create an argument in support of establishing a policy for security violations so when breaches occur, the organization will be a position to prosecute the person committing the violation. Determine the types of security controls that should be implemented to reduce security violations and explain your answer.
Policy and procedures should be set up to deal with IT security breaches by an employee of a IT security systems. The employee should be required to acknowledge that they understand what will occur (loss of enployment and prosecution) to them if they breaches IT security. This should be done before employees are issued an ID and Password. A yearly reminded should be sent out to all enployees and a digital signature should be captured acknowledging that the employee understand all policy about IT security breaches.
Sources: Information Technology Auditing and Assurance, Third Edition: James A. Hall; Copyright 2011 Cengage Learning, Inc.; http://www.coursesmart.com/9781439079119/firstsection#X2ludGVybmFsX0J2ZGVwRmxhc2hSZWFkZXI/eG1saWQ9OTc4MTQzOTA3OTExOS9pdg
Organization' Information Security Policy Compliance:Stick or Carrot Approached? Chen, Yen, Ramamurthy, Wen, Kuang-Wel
"Security Controls" Please respond to the following:
Evaluate the im