
Internal Audit Department
Internal Audit Work Program

Auditable unit: Information Technology
Assignment:
Approved by:
Date:

WP ref. | Audit Step | Preparer | Reviewer
1.1 Review the information security policy for policies and procedures directly related to the management and operation of the firewall.
1.2 Determine the procedure by which the firewall rules are reviewed on a periodic basis to ensure they are driven by valid business requirements.
1.3 Determine if access to the firewall and perimeter routers is controlled by ACLs and/or IP-based access controls.
1.4 Determine if there is a formal procedure for establishing new firewall rules and for modifying and removing existing ones.
1.5 Determine if there is an IT policy defining unauthorized access and management's right to monitor network traffic through the firewall.
1.6 Review procedures for accessing resources in the case of an emergency.
1.7 Review hardening procedures for firewall systems and perimeter routers.
1.8 Review incident response policies and procedures.
1.9 Determine if the security policy is supported by documented standards and procedures. Consider:
    o Security hardware and software implementation
    o Responsibility for monitoring or updating
    o Internal Audit involvement
    o Areas covered
    o Distribution to technical staff
    o End-user agreement distribution
1.10 Determine whether there is a security committee, or similar body, responsible for establishing, maintaining and reviewing security standards and guidelines.
1.11 Determine if there is a security administration function. Consider:
    o Organization chart
    o Duties and responsibilities
    o Training or experience
    o Segregation of administration and monitoring roles
1.12 Assess policies and procedures for business arrangement changes (e.g. mergers, acquisitions, joint ventures, etc.) and how they are integrated into the existing firewall rules.
2.1 Review policies and procedures to ensure the integrity of firewall logs.
2.2 Review log retention and deletion policies and procedures.
2.3 Review policies and procedures for parsing and alerting of logged security events in real time.
    o Ensure that a network vulnerability scan is logged and activates an alert.
2.4 Review policies and procedures for logging users' authorized and unauthorized system activity.
2.5 Assess whether the firewall is being monitored for availability and performance requirements.
3.1 Review and assess the firewall rules and their documentation.
3.2 Review and assess what services are allowed through the firewall, and their business requirements.
3.3 Review and assess the firewall DMZ structure for proper segmentation of traffic and controls.
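The real-time parsing and alerting that step 2.3 asks the auditor to verify, as an added example rather than part of the work program: it reads constructed firewall deny lines (the log format, thresholds and addresses are assumptions) and raises one alert when a single source probes many distinct ports within a short window, the footprint the step's vulnerability-scan check is looking for.

```python
# Added example for step 2.3 (not part of the work program): parse firewall
# deny logs and alert when one source probes many distinct ports in a short
# window, the footprint a network vulnerability scan leaves. Format assumed.
from collections import defaultdict, deque
from datetime import datetime, timedelta
import re

# Constructed deny-line format, loosely modelled on a syslog firewall message.
LINE_RE = re.compile(r"^(?P<ts>\S+) fw DENY proto=\w+ src=(?P<src>[\d.]+) "
                     r"dst=[\d.]+ dpt=(?P<dpt>\d+)$")

# Constructed sample: 203.0.113.7 sweeps five ports in five seconds (scan-like);
# 203.0.113.9 touches two ports, then two more five minutes later (not a scan).
SAMPLE_LOG = """\
2024-05-01T10:00:00 fw DENY proto=tcp src=203.0.113.7 dst=192.0.2.10 dpt=21
2024-05-01T10:00:01 fw DENY proto=tcp src=203.0.113.7 dst=192.0.2.10 dpt=22
2024-05-01T10:00:02 fw DENY proto=tcp src=203.0.113.7 dst=192.0.2.10 dpt=23
2024-05-01T10:00:03 fw DENY proto=tcp src=203.0.113.7 dst=192.0.2.10 dpt=25
2024-05-01T10:00:04 fw DENY proto=tcp src=203.0.113.7 dst=192.0.2.10 dpt=80
2024-05-01T10:00:00 fw DENY proto=tcp src=203.0.113.9 dst=192.0.2.11 dpt=21
2024-05-01T10:00:30 fw DENY proto=tcp src=203.0.113.9 dst=192.0.2.11 dpt=22
2024-05-01T10:05:00 fw DENY proto=tcp src=203.0.113.9 dst=192.0.2.11 dpt=23
2024-05-01T10:05:30 fw DENY proto=tcp src=203.0.113.9 dst=192.0.2.11 dpt=25
""".splitlines()

def parse_line(line):
    """Parse one deny line into (timestamp, src, dport); None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return datetime.fromisoformat(m["ts"]), m["src"], int(m["dpt"])

def detect_scans(lines, threshold=5, window=timedelta(seconds=60)):
    """Return one alert per source hitting >= threshold distinct ports in window."""
    recent = defaultdict(deque)  # src -> (ts, dport) pairs still inside the window
    alerted, alerts = set(), []
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue  # unparsable line: skipped here, but worth counting in production
        ts, src, dport = parsed
        q = recent[src]
        q.append((ts, dport))
        while ts - q[0][0] > window:  # slide the window forward for this source
            q.popleft()
        ports = {p for _, p in q}
        if len(ports) >= threshold and src not in alerted:
            alerted.add(src)
            alerts.append({"src": src, "first_seen": q[0][0], "distinct_ports": len(ports)})
    return alerts
```

Feeding the same detector a tailed log instead of SAMPLE_LOG gives the real-time behaviour the step describes; the auditor's evidence is the alert record plus the retention of the underlying deny lines (steps 2.1 and 2.2).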
