Icq Ref CT Ref Compliance Test Working Papers

ICQ REF CT REF COMPLIANCE TEST WORKING PAPERS
1.6.3 Obtain details of monitoring information and review error logs. Select a sample of problems and
identify the time taken for their resolution. Assess whether this is appropriate given the nature of
the problem and the services affected.
1.6.4 Find out how the network has changed since its installation and how the network is to be
developed to meet future needs. Ask whether a network action plan is in place to ensure that
future needs will be met.

1.6.5 Identify whether active intrusion detection is used and what policies have been implemented.

1.6.6 Identify and review whether there is a security breach action plan for the organisation, ie action to
be taken by the organisation should network attacks be identified.

1.7 1.7.1 Check that the appropriate contracts and service level agreements exist and have been signed off
by authorised representatives of all parties.
1.7.2 Ensure that the contracts and service level agreements cover all aspects of the network service
provision and that the interests of the organisation are adequately protected as the customer of
the service.
1.7.3 Check that there is a regular review process for the service between the parties and that the
agreements are updated according to changes in business needs.
2.1 2.1.1 Ask if there are explicit rules governing connection of equipment to the network. Check whether
this covers the types of equipment, associated software and staff carrying out the work, and how
details of the connection are recorded.
2.1.2 Identify controls in place to identify unauthorised network connections.

2.1.3 Identify whether there is a policy governing the use of the internet by employees, business
partners and clients. If there is a policy, identify how this is communicated, monitored and
enforced.
2.2 2.2.1 Identify all permanent and temporary network connections in place and how connections are
controlled.

2.2.2 Assess the arrangements for allocating and monitoring user access. A listing of all users and their
access restrictions should be requested and examined for reasonableness.
2.2.3 Check arrangements for allocating lines and validating remote users, particularly where modems
are left switched on at all times.


2.3 2.3.1 Ask what checks are made to detect unauthorised attachment to the network.
