
07_TP_01

Required:

a. When an employee notifies the company that he/she has forgotten his/her password, what
should be done FIRST by the security administrator?

-When an employee has forgotten his/her password, the security administrator must assist him/her in resetting it. Before the employee's password can be reset, however, the security administrator must first verify the identity of the employee by obtaining proof of identity through verification such as (1) a link sent to the email address associated with the employee's account and (2) a call to the employee's phone number on record.

b. What is the MOST significant risk that the IS auditor should evaluate regarding the existing
remote access practice?

One of the most significant risks that an IS auditor should evaluate is the firewall policy implemented by the company. The circumvention of firewalls through the use of modems may connect users directly to ISPs, so management should provide assurance that the use of modems where a firewall exists is strictly controlled or prohibited altogether. Misconfigured firewalls may allow unknown and dangerous services to pass through freely.

c. What control may be implemented to prevent an attack on the internal network initiated through
an internet VPN connection?

-The controls that may be implemented to prevent an attack through a VPN connection are an Intrusion Prevention System / Intrusion Detection System, which can detect abnormal system behaviour such as malicious incidents and prevent the intended victim hosts from being affected by the attackers, and antivirus software that runs silently on the computer and detects any virus or inappropriate action that could compromise access through an internet VPN connection.

d. What test is MOST important for the IS auditor to perform as part of the review of dial-up
access controls?

In reviewing dial-up access controls, the IS auditor should assess the remote access points of entry, determining how many (known/unknown) exist. To test dial-up access authorization, the IS auditor should dial the computer from a number of authorized and unauthorized telephone lines. If controls are adequate, successful connections will occur with authorized numbers only.
