Scribd Logo
Upload

Welcome to Scribd!

  • Audit Objectives Relating To Subversive Threats

    Uploaded by

    Kuya Noodles
    158 views2 pages
    The auditor's objectives are to verify that network controls can prevent illegal access, render captured data useless, and preserve data integrity. The document outlines audit procedures to test these controls, including reviewing the firewall configuration for flexibility, filtering, and audit tools. It also recommends verifying intrusion prevention, encryption key administration, encrypting a test message, and testing call-back features.

    Original Description:

    Original Title

    Audit Objectives Relating to Subversive Threats

    Copyright

    © © All Rights Reserved

    Available Formats

    DOCX, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    The auditor's objectives are to verify that network controls can prevent illegal access, render captured data useless, and preserve data integrity. The document outlines audit procedures to test these controls, including reviewing the firewall configuration for flexibility, filtering, and audit tools. It also recommends verifying intrusion prevention, encryption key administration, encrypting a test message, and testing call-back features.

    Copyright:

    © All Rights Reserved
    Download as DOCX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as docx, pdf, or txt
    158 views2 pages

    Audit Objectives Relating To Subversive Threats

    Uploaded by

    Kuya Noodles
    The auditor's objectives are to verify that network controls can prevent illegal access, render captured data useless, and preserve data integrity. The document outlines audit procedures to test these controls, including reviewing the firewall configuration for flexibility, filtering, and audit tools. It also recommends verifying intrusion prevention, encryption key administration, encrypting a test message, and testing call-back features.

    Copyright:

    © All Rights Reserved
    Download as DOCX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as docx, pdf, or txt
    of 2

    Audit Objectives Relating to Subversive Threats

    The auditor’s objective is to verify the security and integrity of financial transactions by

    determining that network controls (1) can prevent and detect illegal access both internally and from the
    Internet, (2) will render useless any data that a perpetrator successfully captures, and (3) are sufficient
    to preserve the integrity and physical security of data

    connected to the network.

    Audit Procedures Relating to Subversive Threats

    To achieve these control objectives, the auditor may perform the following tests of

    controls:

    1. Review the adequacy of the firewall in achieving the proper balance between control

    and convenience based on the organization’s business objectives and potential risks.

    Criteria for assessing the firewall effectiveness include:

    • Flexibility. The firewall should be flexible enough to accommodate new services

    as the security needs of the organization change.

    • Proxy services. Adequate proxy applications should be in place to provide explicit user authentication
    to sensitive services, applications, and data.

    • Filtering. Strong filtering techniques should be designed to deny all services that

    are not explicitly permitted. In other words, the firewall should specify only

    those services the user is permitted to access, rather than specifying the services

    that are denied.

    • Segregation of systems. Systems that do not require public access should be segregated from the
    Internet.

    • Audit tools. The firewall should provide a thorough set of audit and logging

    tools that identify and record suspicious activity.

    • Probe for weaknesses. To validate security, the auditor (or a professional security

    analyst) should periodically probe the firewall for weaknesses just as a computer

    Internet hacker would do. A number of software products are currently available for identifying security
    weaknesses.4

    2. Verify that an intrusion prevention system (IPS) with deep packet inspection (DPI)

    is in place for organizations that are vulnerable to DDos attacks, such as financial
    institutions.

    3. Review security procedures governing the administration of data encryption keys.

    4. Verify the encryption process by transmitting a test message and examining the contents at various
    points along the channel between the sending and receiving

    locations.

    5. Review the message transaction logs to verify that all messages were received in their

    proper sequence.

    6. Test the operation of the call-back feature by placing an unauthorized call from outside the
    installation.

    You might also like