HW 1 (Toegangsbeheer Access Control 3.10 2009) 2016
Auditing 378
US number: ______________________
15 marks
After the company had been involved in the travel arrangements of the well-known stars Brads
Armpitts and Angrelina Doily, they quickly realised that the security of their data with
regard to their clients' confidential information is not adequate. The risk of
information ending up in unauthorised hands had simply become too great.
The system is currently very simple and allows employees to log in at their terminals, which
are all in one open-plan office, with a password. This then gives the
person access to the entire network system. The network is only a local area
network and currently has no connection to the internet. The person who is
logged in then has access to all the information loaded on the server's hard
drive.
The building is usually locked in the evenings and there is a security guard who patrols
every 20 minutes to check that everything is in order.
REQUIRED
Name: ___________________________
US number: ______________________
15 marks
You are an auditor at the firm Mstr_yoda and Partners. Your best friend, Johann du
Plooy, is a director of Bruinwaves Ltd and contacted you for assistance. The
company is a travel agent, which organises exclusive tours for people who do not
only want a holiday, but also additional security services. Most of the company’s
clients are overseas entertainment celebrities. These people prefer to keep their
travel arrangements confidential and have additional security. Bruinwaves Ltd has
built up a good reputation that they can be trusted to make such arrangements.
After the company was involved with the travel arrangements of well-known
celebrities, Brads Armpitts and Angrelina Doily, they quickly realised that the security
with regard to confidential information of their clients is not up to standard. The risk
that the information gets into the wrong hands has just become too big.
The system is currently quite a simple one and allows employees to log in at their
terminals, which are all located in an open plan office, with a password. This then
gives the user access to the whole network system. The network is only a local area
network, and currently without a connection to the internet. The user who is logged
on has access to all the information that is stored on the server.
The building is usually locked at night and there is a security guard who patrols
every 20 minutes to ensure that everything is in order.
REQUIRED
Write a memorandum to your friend, Johann du Plooy, where you give suggestions to
improve the security around their confidential information. (15)
Homework 1
15 marks
MEMORANDUM
Herewith the proposals for improving your security around your confidential information.
Security management
A document that sets out a clear security policy must be drawn up, so that every
staff member can sign it and be held responsible if necessary. (1)
Physical access control
Install a card reader system or something similar that not only restricts the access of
persons, but can also identify the person when access is gained. (1)
Terminals should be locked with a terminal key so that not just anyone can switch the
computer on. (1)
Authorised terminals
Every terminal should only have access to information and software that is used by
that specific employee. (1)
Terminals can be set up so that only certain users can log on to that
terminal. (1)
Authorised users
The system must then use an authorisation table / matrix to determine the user's rights
and then grant this user access only to certain functions and
information. (1)
Password control: (Max 5)
- Passwords must be unique. (1)
- Persons should have passwords that are alphanumeric and have at least 5
characters. (1)
- Persons should change their passwords regularly. (1)
- Passwords must not be displayed on screen. (1)
- The choice of passwords is important – it must not be obvious
or able to be linked to the user. (1)
- The passwords of persons who resign should be removed from the file.
(1)
- Secrecy of passwords is essential. (1)
The terminal should shut down after there have been 3 unsuccessful attempts at
access. (1)
The terminal should log itself out if a number of minutes have passed
since the last activity, and require that the password be re-entered
to gain access. (1)
Please feel free to contact us if there are any further issues with which we can
assist you.
AVAILABLE 17
MAXIMUM 14
MEMORANDUM FORMAT 1
TOTAL 15
Homework 1
15 marks
MEMORANDUM
Herewith the suggestions for improvement of the security around your confidential
information.
Security management
A document that clearly stipulates the security policy needs to be created, so that
each employee can sign it and be held responsible if necessary. (1)
A card reader system or something similar should be installed which can not only
restrict the access of people, but can also identify a person when access is gained.
(2)
Terminals should be locked by a terminal key so that not just anyone can switch the
computer on. (1)
Authorised terminals
Every terminal should only have access to information and software that is used by
that specific employee. (1)
Terminals can be set up to only allow certain users to log on to that terminal. (1)
Authorised users
Users should each have their own unique user names and passwords. (1)
The system should then use an authorisation table / matrix to ascertain the user's
rights and then only allow access to certain functions and information to the user. (1)
The system should keep an activity log when users log on to the system, in order to
keep a record of who logged on when. (1)
Password control: (max 5)
- The password must be unique. (1)
- Persons should have alphanumeric passwords with a minimum number of
characters. (1)
- Persons should regularly change their passwords. (1)
- The password should not be shown on the screen. (1)
- The choice of password is important – it should not be obvious or be linked
to the user. (1)
- All the passwords from persons that leave the company should be
removed from the file. (1)
- Secrecy of the password is imperative. (1)
The terminal should shut down after there have been 3 unsuccessful attempts to access the
system. (1)
The terminal should log itself out after a certain number of minutes have gone by
without any activity. (1)
In the event of security breaches, the system should switch off automatically. (1)
Please contact us again if there are any further issues which we can assist you with.
AVAILABLE 17
MAXIMUM 14
MEMORANDUM FORMAT 1
TOTAL 15
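Several of the controls in the memorandum (authorised terminals, the authorisation table / matrix, the activity log, removal of leavers' passwords and the lock after 3 unsuccessful attempts) can be combined in one small sketch. This is an added example, not part of the original homework; the class name, user names, terminal ids, function names and the use of PBKDF2 for the password file are all assumptions made for illustration.

```python
import hashlib, hmac, os

MAX_FAILURES = 3  # memo: terminal locks after 3 unsuccessful attempts

def _hash(password, salt):
    # Salted, slow hash so the password file never holds plain text (assumed design).
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class AccessController:  # hypothetical name
    def __init__(self):
        self.users = {}      # user -> (salt, password hash)
        self.terminals = {}  # terminal -> users allowed to log on there
        self.matrix = {}     # authorisation matrix: user -> permitted functions
        self.failures = {}   # terminal -> consecutive failed attempts
        self.log = []        # activity log: (event, user, terminal)

    def add_user(self, user, password, terminal, functions):
        salt = os.urandom(16)
        self.users[user] = (salt, _hash(password, salt))
        self.terminals.setdefault(terminal, set()).add(user)
        self.matrix[user] = set(functions)

    def remove_user(self, user):
        # memo: passwords of persons who leave are removed from the file
        self.users.pop(user, None)
        self.matrix.pop(user, None)
        for allowed in self.terminals.values():
            allowed.discard(user)

    def login(self, user, password, terminal):
        if self.failures.get(terminal, 0) >= MAX_FAILURES:
            return self._record("terminal_locked", user, terminal)
        salt, stored = self.users.get(user, (b"\0" * 16, b""))
        ok = (hmac.compare_digest(_hash(password, salt), stored)
              and user in self.terminals.get(terminal, set()))
        if ok:
            self.failures[terminal] = 0
            return self._record("login_ok", user, terminal)
        self.failures[terminal] = self.failures.get(terminal, 0) + 1
        return self._record("login_failed", user, terminal)

    def authorise(self, user, function):
        # Deny by default: only functions listed in the matrix are allowed.
        return function in self.matrix.get(user, set())

    def _record(self, event, user, terminal):
        self.log.append((event, user, terminal))
        return event
```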