IT APPLICATIONS
Professional Stage Application Level, ICAB
Teacher: Mohammad Abdul Matin
Chapter 5: Controls and Standards (class 7-8)
Chapter Outline
• Information System Security Controls
• Physical Security Controls
• Logical Security Controls
• Control and Standard for Information Integrity
• Control and Standard for Information Access Control
• Control and Standard for Computer Audit
• Control and Standard for System Implementation Phase
• Control and Standard for System Maintenance and Evaluation
• Risks of IT Systems
• Controls for Personal Systems
Syllabus
• In the examination, candidates may be required to
a. describe in detail the controls and standards which are applied to information systems for the purpose of audit and security (regulatory and management controls, computer risk management, backup procedures, controls over data integrity, computer audit, passwords and logical access systems, personal security planning)
b. explain the risks to IT systems from hackers and viruses
Types of Security Control
• Physical Security Controls: Lock | Access Control | Fire Protection
• Logical Security Controls: Authentication | Anti Virus | Encryption
• Environmental Controls: Security Policy | SOP | License | AMC | Warranty
• Information System Operating Controls: Performance | Completion | Accuracy | Backup & Restore
Information System Security Policy
• Information System (IS)
Hardware, network, software, applications and databases involved in recording, processing, analyzing, storing and reporting information.
• IS Security Policy
High-level statements of goals regarding the control and security of information systems, which also...
– specify who is responsible for implementation
– are established by management and approved by the Board
– do not lay down detailed control procedures or SOPs
Sections of a Security Policy
• Purpose & Responsibility: provides guidelines on information processing, reporting, MIS, etc. for management and the Board
• System Procurement & Development: guides system life-cycle management, from evaluation and procurement through to monitoring
• Access Terminals: defines access authorization and the management processes for access to the information systems
• Equipment & Information Security: explains equipment and environment, information and communication security, contingency and recovery
• Service Bureau Programs: outlines the engagement framework and service levels for development and management
IS Security Standards
• Minimum criteria, rules and procedures established in an organization that must be implemented to ensure that the IS Security Policy objectives are achieved.
The IS Security Standards...
– are implemented under the direction of management
– specify the detailed requirements of each IS control, e.g. length of passwords, construction of passwords, backup retention period, etc.
– are not specific to any particular computer platform; they are more generally applicable
Physical Security Controls
• Physical Locks
• Security Guards
• Video Surveillance Cameras
• General Emergency and Detection Controls
• Heating, Ventilation and Cooling Systems
• Insurance Coverage
• Periodic Backups
• Emergency Power and UPS
• Business Resumption Programs
• Backup System Security Administrator
Logical Security Controls
• User IDs and Passwords
• Remote Access Controls
– Dedicated Leased Lines
– Automatic Dial-back
– Secure Sockets Layer (SSL)
– Multifactor Authentication
– Virtual Private Network (VPN)
• Computer Operations Audit
• Backup and Recovery Procedures
• Integrity / Completeness Checks
Control & Standards for Information Integrity
• Policy & Procedures
– Formal documented policy addressing purpose, scope, roles, committees, coordination among entities, etc.
– Formal guideline on the process of establishing the information integrity policy
• Flaw Remediation
– Establishing a process for proactive identification, reporting and addressing of flaws/vulnerabilities (which can otherwise turn into errors/faults)
– Patch management, system updates, service packs, etc.
Control & Standards for Information Integrity (cont.)
• Malicious Code Protection
– Gateway filtering/protection for email, web and removable media
– Software providing in-depth protection
• Security Alerts and Advisories
– Following and keeping up to date with the widely used alert and advisory feeds
• Security Functionality Verification
– Monitoring and notification system for automated security test failures or exposed vulnerabilities
• Software and Information Integrity
– Software integrity through version control, release management, etc.
– Master Data Management (MDM)
Control & Standards for Information Integrity (cont.)
• Spam Protection
– Spam protection at gateways, messaging systems, servers and devices
– Keeping the spam signature database updated
– Combining multiple products to strengthen protection
• Information Input Restrictions
– Role-based authorization, location/schedule-based access, etc.
• Information Input Accuracy, Completeness, Validity and Authenticity
– Input validation based on format, context, length, source, etc.
– Completeness checks based on the transaction definition, etc.
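To make the input-validation and completeness bullets concrete, here is an added example in Python (not code from the slides or from ICAB): it checks a payment record against a constructed transaction definition, covering format, length, source and context checks plus a completeness check on required fields. The field names, regexes, allowed input sources and sample records are assumptions made for illustration.

```python
"""Input validation and completeness checks against a transaction definition.

Added example, not from the ICAB slides. The transaction definition, the
allowed input sources and the sample records are constructed for illustration.
"""
import re
from datetime import date

# Constructed transaction definition: for each field, whether it is required
# (completeness), the regex its value must match (format) and its maximum length.
PAYMENT_DEFINITION = {
    "account_no": {"required": True,  "format": r"\d{10,16}",          "max_len": 16},
    "amount":     {"required": True,  "format": r"\d{1,12}(\.\d{2})?", "max_len": 15},
    "currency":   {"required": True,  "format": r"[A-Z]{3}",           "max_len": 3},
    "value_date": {"required": True,  "format": r"\d{4}-\d{2}-\d{2}",  "max_len": 10},
    "narrative":  {"required": False, "format": r"[\w ,.\-]*",         "max_len": 60},
}

# Constructed list of channels the application accepts input from (source check).
ALLOWED_SOURCES = {"branch-teller", "internet-banking"}


def validate_transaction(record, source, definition=PAYMENT_DEFINITION):
    """Return a list of (field, problem) pairs; an empty list means the input is accepted."""
    problems = []

    # Source / authenticity: input must arrive through a known channel.
    if source not in ALLOWED_SOURCES:
        problems.append(("_source", "unknown input source %r" % source))

    # Completeness: every required field of the transaction definition is present.
    for field, rule in definition.items():
        if rule["required"] and not str(record.get(field, "")).strip():
            problems.append((field, "missing required field"))

    # Fields outside the definition are rejected rather than passed through silently.
    for field in record:
        if field not in definition:
            problems.append((field, "field not in transaction definition"))

    # Format and length checks on the fields that are present.
    for field, rule in definition.items():
        value = record.get(field)
        if value is None or str(value).strip() == "":
            continue
        value = str(value)
        if len(value) > rule["max_len"]:
            problems.append((field, "longer than %d characters" % rule["max_len"]))
        elif not re.fullmatch(rule["format"], value):
            problems.append((field, "does not match required format"))

    # Context check: a well-formed value_date must also be a real calendar date.
    value_date = str(record.get("value_date", ""))
    if re.fullmatch(r"\d{4}-\d{2}-\d{2}", value_date):
        try:
            date.fromisoformat(value_date)
        except ValueError:
            problems.append(("value_date", "not a valid calendar date"))

    return problems


# Constructed sample records.
GOOD_RECORD = {"account_no": "1234567890", "amount": "1500.00", "currency": "BDT",
               "value_date": "2024-02-29", "narrative": "Salary Feb"}
BAD_RECORD = {"account_no": "12AB", "amount": "-5", "currency": "usd",
              "value_date": "2024-02-30"}

if __name__ == "__main__":
    print(validate_transaction(GOOD_RECORD, "branch-teller"))   # []
    for item in validate_transaction(BAD_RECORD, "unknown-app"):
        print(item)
```

The order of checks matters in practice: completeness and source are decided first so that a record missing half its fields is reported as incomplete rather than as a series of format failures, and a syntactically valid date is still rejected when it is not a real calendar day.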
Control & Standards for Information Access Control
• Access Control Policy and Procedures
– Formal document outlining the information access policy
• Identification and Authentication Policy & Procedures
– Access identification guidelines, formally documented
• Account Management
– User / group / system ID definitions with an authorization matrix
– Account add/move/delete processes and procedures
• Account Review
– Automated account and access audit
– Reviewing, analyzing and reporting on audit records
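An added example, not from the slides, of what an automated account and access audit can look like in Python: it compares an account export against an HR roster and a role authorization matrix and reports orphan accounts, leaver accounts still enabled, rights beyond the assigned role, and dormant accounts. The logins, roles, rights, the 60-day dormancy threshold and all sample data are constructed assumptions; a real review would read them from the IAM system, the HR system and application exports.

```python
"""Automated account and access review against an authorization matrix.

Added example, not from the ICAB slides. All data below is constructed.
"""
from datetime import date, timedelta

DORMANT_DAYS = 60  # assumed standard: accounts unused this long are flagged

# Constructed authorization matrix: role -> set of permitted access rights.
AUTH_MATRIX = {
    "teller":   {"core-banking:read", "core-banking:post"},
    "auditor":  {"core-banking:read", "gl:read"},
    "sysadmin": {"core-banking:admin", "os:root"},
}

# Constructed HR roster: login -> (role, still an active employee?)
HR_ROSTER = {
    "akhan":  ("teller", True),
    "rbegum": ("auditor", True),
    "tislam": ("sysadmin", True),
    "mrahim": ("teller", False),   # has left the organisation
}

# Constructed account export from the application: login -> rights and last login.
ACCOUNT_EXPORT = {
    "akhan":     {"rights": {"core-banking:read", "core-banking:post"},
                  "last_login": date(2024, 5, 20)},
    "rbegum":    {"rights": {"core-banking:read", "gl:read", "core-banking:post"},
                  "last_login": date(2024, 5, 18)},
    "tislam":    {"rights": {"core-banking:admin", "os:root"},
                  "last_login": date(2024, 1, 3)},
    "mrahim":    {"rights": {"core-banking:read"},
                  "last_login": date(2024, 4, 1)},
    "svc_batch": {"rights": {"core-banking:post"},
                  "last_login": date(2024, 5, 21)},
}


def review_accounts(accounts, roster, matrix, today):
    """Return a sorted list of (login, finding) pairs for follow-up by the reviewer."""
    findings = []
    for login, acct in accounts.items():
        hr = roster.get(login)
        if hr is None:
            # No owner in HR: either an orphan or a service account nobody registered.
            findings.append((login, "no HR record (orphan or unregistered service account)"))
        else:
            role, active = hr
            if not active:
                findings.append((login, "leaver account still enabled"))
            # Rights the account holds that the authorization matrix does not grant its role.
            excess = acct["rights"] - matrix.get(role, set())
            if excess:
                findings.append((login, "rights beyond role %s: %s"
                                 % (role, ", ".join(sorted(excess)))))
        if today - acct["last_login"] > timedelta(days=DORMANT_DAYS):
            findings.append((login, "dormant for more than %d days" % DORMANT_DAYS))
    return sorted(findings)


if __name__ == "__main__":
    for login, finding in review_accounts(ACCOUNT_EXPORT, HR_ROSTER, AUTH_MATRIX,
                                          today=date(2024, 5, 22)):
        print(login, "-", finding)
```

Each finding maps back to one of the slide's account-management controls: the HR comparison supports the add/move/delete process, the matrix comparison checks the authorization matrix, and the dormancy check feeds the periodic account review.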
Control & Standards for Information Access Control (cont.)
• User Identification and Authentication
– User authentication with single-factor and multifactor verification
• Device Identification and Authentication
– Bidirectional negotiation and authentication of devices
• Passwords
– Changing default passwords
– Complexity of passwords
– Expiration and repeatability of passwords
– Keeping passwords away from login IDs
– Control and logging of master passwords
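The password bullets above, together with the earlier note that IS Security Standards specify details such as password length and construction, can be expressed as enforceable checks. The following added example (not code from the slides or from ICAB) does so in Python; the minimum length, character-class rule, history depth, 90-day maximum age and the list of default passwords are assumed values that a real standard would set for itself.

```python
"""Password-standard checks for an account or password-change service.

Added example, not from the ICAB slides. It implements the "Passwords"
bullets (changing default passwords, complexity, expiration and
repeatability, keeping passwords away from login IDs) as concrete checks.
The thresholds and the default-password list below are assumed values.
"""
import hashlib
import re
from datetime import date, timedelta

MIN_LENGTH = 12      # assumed minimum length
MIN_CLASSES = 3      # assumed: at least 3 of lower / upper / digit / symbol
HISTORY_DEPTH = 5    # assumed: may not repeat any of the last 5 passwords
MAX_AGE_DAYS = 90    # assumed expiry period

# Constructed list of vendor/default passwords that must be changed before use.
DEFAULT_PASSWORDS = {"admin", "password", "changeme", "welcome1", "12345678"}


def fingerprint(password):
    """Digest kept in the password history so old passwords are never stored in clear.
    (The authentication store itself would use a salted slow hash such as bcrypt or Argon2.)"""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def check_password(password, login_id, history=()):
    """Return the list of standard violations for a proposed password (empty = compliant).

    history is the sequence of fingerprints of the user's previous passwords, oldest first.
    """
    problems = []
    if password.lower() in DEFAULT_PASSWORDS:
        problems.append("default password must be changed")
    if len(password) < MIN_LENGTH:
        problems.append("shorter than %d characters" % MIN_LENGTH)
    classes = [r"[a-z]", r"[A-Z]", r"\d", r"[^A-Za-z0-9]"]
    if sum(1 for c in classes if re.search(c, password)) < MIN_CLASSES:
        problems.append("fewer than %d character classes" % MIN_CLASSES)
    # Keep passwords away from login IDs: the ID may not appear inside the password.
    if login_id and login_id.lower() in password.lower():
        problems.append("contains the login ID")
    # Repeatability: compare against the most recent HISTORY_DEPTH fingerprints only.
    if fingerprint(password) in list(history)[-HISTORY_DEPTH:]:
        problems.append("repeats one of the last %d passwords" % HISTORY_DEPTH)
    return problems


def is_expired(last_changed, today=None):
    """True when the password is older than the maximum age and must be changed."""
    today = today or date.today()
    return today - last_changed > timedelta(days=MAX_AGE_DAYS)


if __name__ == "__main__":
    print(check_password("admin", "jdoe"))
    print(check_password("Jdoe-Summer-2024!", "jdoe"))
    print(check_password("Correct-Horse-9", "jdoe"))              # []
    print(is_expired(date(2024, 1, 1), today=date(2024, 6, 1)))  # True
```

Returning every violation at once, rather than stopping at the first, lets the service show the user the full standard they failed; the expiry check is kept separate because it runs on login, not on password change.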
Questions
• Explain physical security controls and logical security controls.
• What do you mean by Information System Security Standards?
Thank You

Weitere ähnliche Inhalte

Was ist angesagt?

Information System Architecture and Audit Control Lecture 2
Information System Architecture and Audit Control Lecture 2Information System Architecture and Audit Control Lecture 2
Information System Architecture and Audit Control Lecture 2Yasir Khan
 
IT General Controls Presentation at IIA Vadodara Audit Club
IT General Controls Presentation at IIA Vadodara Audit ClubIT General Controls Presentation at IIA Vadodara Audit Club
IT General Controls Presentation at IIA Vadodara Audit ClubKaushal Trivedi
 
Control and Audit Information System
Control and Audit Information SystemControl and Audit Information System
Control and Audit Information Systemarif prasetyo
 
Information Systems Audit - Ron Weber chapter 1
Information Systems Audit - Ron Weber chapter 1Information Systems Audit - Ron Weber chapter 1
Information Systems Audit - Ron Weber chapter 1Sreekanth Narendran
 
Introduction to it auditing
Introduction to it auditingIntroduction to it auditing
Introduction to it auditingDamilola Mosaku
 
Information Systems Control and Audit - Chapter 3 - Top Management Controls -...
Information Systems Control and Audit - Chapter 3 - Top Management Controls -...Information Systems Control and Audit - Chapter 3 - Top Management Controls -...
Information Systems Control and Audit - Chapter 3 - Top Management Controls -...Sreekanth Narendran
 
ITGC audit of ERPs
ITGC audit of ERPsITGC audit of ERPs
ITGC audit of ERPsJayesh Daga
 
Auditing SOX ITGC Compliance
Auditing SOX ITGC ComplianceAuditing SOX ITGC Compliance
Auditing SOX ITGC Complianceseanpizzy
 
Basics in IT Audit and Application Control Testing
Basics in IT Audit and Application Control Testing Basics in IT Audit and Application Control Testing
Basics in IT Audit and Application Control Testing Dinesh O Bareja
 
Control and audit of information System (hendri eka saputra)
Control and audit of information System (hendri eka saputra)Control and audit of information System (hendri eka saputra)
Control and audit of information System (hendri eka saputra)Hendri Eka Saputra
 
CONTROL & AUDIT INFORMATION SYSTEM (HALL, 2015)
CONTROL & AUDIT INFORMATION SYSTEM (HALL, 2015)CONTROL & AUDIT INFORMATION SYSTEM (HALL, 2015)
CONTROL & AUDIT INFORMATION SYSTEM (HALL, 2015)Muhammad Azmy
 
03.1 general control
03.1 general control03.1 general control
03.1 general controlMulyadi Yusuf
 
Business Objectives & Control Objectives in Information Technology
Business Objectives  &  Control Objectives  in  Information TechnologyBusiness Objectives  &  Control Objectives  in  Information Technology
Business Objectives & Control Objectives in Information TechnologyMufaddal Nullwala
 

Was ist angesagt? (20)

Information System Architecture and Audit Control Lecture 2
Information System Architecture and Audit Control Lecture 2Information System Architecture and Audit Control Lecture 2
Information System Architecture and Audit Control Lecture 2
 
IT General Controls Presentation at IIA Vadodara Audit Club
IT General Controls Presentation at IIA Vadodara Audit ClubIT General Controls Presentation at IIA Vadodara Audit Club
IT General Controls Presentation at IIA Vadodara Audit Club
 
Security audit
Security auditSecurity audit
Security audit
 
Control and Audit Information System
Control and Audit Information SystemControl and Audit Information System
Control and Audit Information System
 
Information Systems Audit - Ron Weber chapter 1
Information Systems Audit - Ron Weber chapter 1Information Systems Audit - Ron Weber chapter 1
Information Systems Audit - Ron Weber chapter 1
 
Introduction to it auditing
Introduction to it auditingIntroduction to it auditing
Introduction to it auditing
 
Procedural Controls
Procedural ControlsProcedural Controls
Procedural Controls
 
Internal controls in an IT environment
Internal controls in an IT environment Internal controls in an IT environment
Internal controls in an IT environment
 
008.itsecurity bcp v1
008.itsecurity bcp v1008.itsecurity bcp v1
008.itsecurity bcp v1
 
Information Systems Control and Audit - Chapter 3 - Top Management Controls -...
Information Systems Control and Audit - Chapter 3 - Top Management Controls -...Information Systems Control and Audit - Chapter 3 - Top Management Controls -...
Information Systems Control and Audit - Chapter 3 - Top Management Controls -...
 
IT General Controls
IT General ControlsIT General Controls
IT General Controls
 
ITGC audit of ERPs
ITGC audit of ERPsITGC audit of ERPs
ITGC audit of ERPs
 
Auditing SOX ITGC Compliance
Auditing SOX ITGC ComplianceAuditing SOX ITGC Compliance
Auditing SOX ITGC Compliance
 
ERP for IT
ERP for ITERP for IT
ERP for IT
 
Basics in IT Audit and Application Control Testing
Basics in IT Audit and Application Control Testing Basics in IT Audit and Application Control Testing
Basics in IT Audit and Application Control Testing
 
Control and audit of information System (hendri eka saputra)
Control and audit of information System (hendri eka saputra)Control and audit of information System (hendri eka saputra)
Control and audit of information System (hendri eka saputra)
 
CONTROL & AUDIT INFORMATION SYSTEM (HALL, 2015)
CONTROL & AUDIT INFORMATION SYSTEM (HALL, 2015)CONTROL & AUDIT INFORMATION SYSTEM (HALL, 2015)
CONTROL & AUDIT INFORMATION SYSTEM (HALL, 2015)
 
03.1 general control
03.1 general control03.1 general control
03.1 general control
 
Security Audit View
Security Audit ViewSecurity Audit View
Security Audit View
 
Business Objectives & Control Objectives in Information Technology
Business Objectives  &  Control Objectives  in  Information TechnologyBusiness Objectives  &  Control Objectives  in  Information Technology
Business Objectives & Control Objectives in Information Technology
 

Andere mochten auch

ICAB - ITA Chapter 1 class 1-2 - IT Strategy
ICAB - ITA Chapter 1 class 1-2 - IT StrategyICAB - ITA Chapter 1 class 1-2 - IT Strategy
ICAB - ITA Chapter 1 class 1-2 - IT StrategyMohammad Abdul Matin Emon
 
ICAB - ITA Chapter 1 class 4 - E Commerce & EDI
ICAB - ITA Chapter 1 class 4 - E Commerce & EDIICAB - ITA Chapter 1 class 4 - E Commerce & EDI
ICAB - ITA Chapter 1 class 4 - E Commerce & EDIMohammad Abdul Matin Emon
 
ICAB - ITA Chapter 1 class 5-6 - IT in Enterprise in Bangladesh
ICAB - ITA Chapter 1 class 5-6 - IT in Enterprise in BangladeshICAB - ITA Chapter 1 class 5-6 - IT in Enterprise in Bangladesh
ICAB - ITA Chapter 1 class 5-6 - IT in Enterprise in BangladeshMohammad Abdul Matin Emon
 
ICAB - ITK Chapter 1 class 1 - Information within Organization
ICAB - ITK Chapter 1 class 1 - Information within OrganizationICAB - ITK Chapter 1 class 1 - Information within Organization
ICAB - ITK Chapter 1 class 1 - Information within OrganizationMohammad Abdul Matin Emon
 
ICAB - ITK Chapter 1 class 2-3 - Information within Organization
ICAB - ITK Chapter 1 class 2-3 - Information within OrganizationICAB - ITK Chapter 1 class 2-3 - Information within Organization
ICAB - ITK Chapter 1 class 2-3 - Information within OrganizationMohammad Abdul Matin Emon
 
ICAB - ITK Chapter 3 class 4 - Management of IT
ICAB - ITK Chapter 3 class 4 - Management of ITICAB - ITK Chapter 3 class 4 - Management of IT
ICAB - ITK Chapter 3 class 4 - Management of ITMohammad Abdul Matin Emon
 
ICAB - ITK Chapter 3 class 5 - Management of IT
ICAB - ITK Chapter 3 class 5 - Management of ITICAB - ITK Chapter 3 class 5 - Management of IT
ICAB - ITK Chapter 3 class 5 - Management of ITMohammad Abdul Matin Emon
 
ICAB - ITK Chapter 3 Class 9-10 - Management of IT
ICAB - ITK Chapter 3 Class 9-10 - Management of ITICAB - ITK Chapter 3 Class 9-10 - Management of IT
ICAB - ITK Chapter 3 Class 9-10 - Management of ITMohammad Abdul Matin Emon
 
Decision making
Decision makingDecision making
Decision makingOnline
 
ICAB - ITK Chapter 2 Set 2 - Information Technology Architecture
ICAB - ITK Chapter 2 Set 2 - Information Technology ArchitectureICAB - ITK Chapter 2 Set 2 - Information Technology Architecture
ICAB - ITK Chapter 2 Set 2 - Information Technology ArchitectureMohammad Abdul Matin Emon
 
Financial statement analysis
Financial statement analysisFinancial statement analysis
Financial statement analysisAnuj Bhatia
 
The Top 10 Sales Conferences of 2016
The Top 10 Sales Conferences of 2016The Top 10 Sales Conferences of 2016
The Top 10 Sales Conferences of 2016Peak Sales Recruiting
 
Digital Strategy 101
Digital Strategy 101Digital Strategy 101
Digital Strategy 101Bud Caddell
 

Andere mochten auch (14)

ICAB - ITA Chapter 1 class 3 - IT Strategy
ICAB - ITA Chapter 1 class 3 - IT StrategyICAB - ITA Chapter 1 class 3 - IT Strategy
ICAB - ITA Chapter 1 class 3 - IT Strategy
 
ICAB - ITA Chapter 1 class 1-2 - IT Strategy
ICAB - ITA Chapter 1 class 1-2 - IT StrategyICAB - ITA Chapter 1 class 1-2 - IT Strategy
ICAB - ITA Chapter 1 class 1-2 - IT Strategy
 
ICAB - ITA Chapter 1 class 4 - E Commerce & EDI
ICAB - ITA Chapter 1 class 4 - E Commerce & EDIICAB - ITA Chapter 1 class 4 - E Commerce & EDI
ICAB - ITA Chapter 1 class 4 - E Commerce & EDI
 
ICAB - ITA Chapter 1 class 5-6 - IT in Enterprise in Bangladesh
ICAB - ITA Chapter 1 class 5-6 - IT in Enterprise in BangladeshICAB - ITA Chapter 1 class 5-6 - IT in Enterprise in Bangladesh
ICAB - ITA Chapter 1 class 5-6 - IT in Enterprise in Bangladesh
 
ICAB - ITK Chapter 1 class 1 - Information within Organization
ICAB - ITK Chapter 1 class 1 - Information within OrganizationICAB - ITK Chapter 1 class 1 - Information within Organization
ICAB - ITK Chapter 1 class 1 - Information within Organization
 
ICAB - ITK Chapter 1 class 2-3 - Information within Organization
ICAB - ITK Chapter 1 class 2-3 - Information within OrganizationICAB - ITK Chapter 1 class 2-3 - Information within Organization
ICAB - ITK Chapter 1 class 2-3 - Information within Organization
 
ICAB - ITK Chapter 3 class 4 - Management of IT
ICAB - ITK Chapter 3 class 4 - Management of ITICAB - ITK Chapter 3 class 4 - Management of IT
ICAB - ITK Chapter 3 class 4 - Management of IT
 
ICAB - ITK Chapter 3 class 5 - Management of IT
ICAB - ITK Chapter 3 class 5 - Management of ITICAB - ITK Chapter 3 class 5 - Management of IT
ICAB - ITK Chapter 3 class 5 - Management of IT
 
ICAB - ITK Chapter 3 Class 9-10 - Management of IT
ICAB - ITK Chapter 3 Class 9-10 - Management of ITICAB - ITK Chapter 3 Class 9-10 - Management of IT
ICAB - ITK Chapter 3 Class 9-10 - Management of IT
 
Decision making
Decision makingDecision making
Decision making
 
ICAB - ITK Chapter 2 Set 2 - Information Technology Architecture
ICAB - ITK Chapter 2 Set 2 - Information Technology ArchitectureICAB - ITK Chapter 2 Set 2 - Information Technology Architecture
ICAB - ITK Chapter 2 Set 2 - Information Technology Architecture
 
Financial statement analysis
Financial statement analysisFinancial statement analysis
Financial statement analysis
 
The Top 10 Sales Conferences of 2016
The Top 10 Sales Conferences of 2016The Top 10 Sales Conferences of 2016
The Top 10 Sales Conferences of 2016
 
Digital Strategy 101
Digital Strategy 101Digital Strategy 101
Digital Strategy 101
 

Ähnlich wie ICAB - ITA Chapter 5 class 7-8 - Controls and Standards

Information Security Framework
Information Security FrameworkInformation Security Framework
Information Security Frameworkssuser65fa31
 
17-MOD 6 Conducting Security Audits & MOD 7 Information Security Audit Prepar...
17-MOD 6 Conducting Security Audits & MOD 7 Information Security Audit Prepar...17-MOD 6 Conducting Security Audits & MOD 7 Information Security Audit Prepar...
17-MOD 6 Conducting Security Audits & MOD 7 Information Security Audit Prepar...abhichowdary16
 
Securing control systems v0.4
Securing control systems v0.4Securing control systems v0.4
Securing control systems v0.4CrispnCrunch
 
Mis presentation by suraj vaidya
Mis presentation by suraj vaidyaMis presentation by suraj vaidya
Mis presentation by suraj vaidyaSuraj Vaidya
 
Integrating Physical And Logical Security
Integrating Physical And Logical SecurityIntegrating Physical And Logical Security
Integrating Physical And Logical SecurityJorge Sebastiao
 
CISSP Cheatsheet.pdf
CISSP Cheatsheet.pdfCISSP Cheatsheet.pdf
CISSP Cheatsheet.pdfshyedshahriar
 
Applying Security Control to Implement EFG FCU Standards
Applying Security Control to Implement EFG FCU Standards Applying Security Control to Implement EFG FCU Standards
Applying Security Control to Implement EFG FCU Standards Lillian Ekwosi-Egbulem
 
Security
SecuritySecurity
Securitya1aass
 
Chapter-2-Control-Audit-Security-ioenotes.pptx
Chapter-2-Control-Audit-Security-ioenotes.pptxChapter-2-Control-Audit-Security-ioenotes.pptx
Chapter-2-Control-Audit-Security-ioenotes.pptxToxicHawk
 
Data Security Solutions @ISACA LV Chapter Meeting 15.05.2013 SIEM based …
Data Security Solutions @ISACA LV Chapter Meeting 15.05.2013   SIEM based …Data Security Solutions @ISACA LV Chapter Meeting 15.05.2013   SIEM based …
Data Security Solutions @ISACA LV Chapter Meeting 15.05.2013 SIEM based …Andris Soroka
 
The Basics of Security and Risk Analysis
The Basics of Security and Risk AnalysisThe Basics of Security and Risk Analysis
The Basics of Security and Risk Analysislearfield
 
Meletis BelsisManaging and enforcing information security
Meletis BelsisManaging and enforcing information securityMeletis BelsisManaging and enforcing information security
Meletis BelsisManaging and enforcing information securityMeletis Belsis MPhil/MRes/BSc
 
IM Unit 4 Security and its a control.ppt
IM Unit 4 Security and its a control.pptIM Unit 4 Security and its a control.ppt
IM Unit 4 Security and its a control.pptRAJESH S
 
Database development and security certification and accreditation plan pitwg
Database development and security certification and accreditation plan  pitwgDatabase development and security certification and accreditation plan  pitwg
Database development and security certification and accreditation plan pitwgJohn M. Kennedy
 
Information Security Identity and Access Management Administration 07072016
Information Security   Identity and Access Management Administration 07072016Information Security   Identity and Access Management Administration 07072016
Information Security Identity and Access Management Administration 07072016Leon Blum
 
محتويات مادة آمن الشبكات
محتويات مادة آمن الشبكاتمحتويات مادة آمن الشبكات
محتويات مادة آمن الشبكاتeng_SamMoh
 

Ähnlich wie ICAB - ITA Chapter 5 class 7-8 - Controls and Standards (20)

Information Security Framework
Information Security FrameworkInformation Security Framework
Information Security Framework
 
17-MOD 6 Conducting Security Audits & MOD 7 Information Security Audit Prepar...
17-MOD 6 Conducting Security Audits & MOD 7 Information Security Audit Prepar...17-MOD 6 Conducting Security Audits & MOD 7 Information Security Audit Prepar...
17-MOD 6 Conducting Security Audits & MOD 7 Information Security Audit Prepar...
 
Securing control systems v0.4
Securing control systems v0.4Securing control systems v0.4
Securing control systems v0.4
 
The Information Office
The Information OfficeThe Information Office
The Information Office
 
It Audit And Forensics
It Audit And ForensicsIt Audit And Forensics
It Audit And Forensics
 
Mis presentation by suraj vaidya
Mis presentation by suraj vaidyaMis presentation by suraj vaidya
Mis presentation by suraj vaidya
 
Integrating Physical And Logical Security
Integrating Physical And Logical SecurityIntegrating Physical And Logical Security
Integrating Physical And Logical Security
 
CISSP Cheatsheet.pdf
CISSP Cheatsheet.pdfCISSP Cheatsheet.pdf
CISSP Cheatsheet.pdf
 
Applying Security Control to Implement EFG FCU Standards
Applying Security Control to Implement EFG FCU Standards Applying Security Control to Implement EFG FCU Standards
Applying Security Control to Implement EFG FCU Standards
 
Security
SecuritySecurity
Security
 
Chapter-2-Control-Audit-Security-ioenotes.pptx
Chapter-2-Control-Audit-Security-ioenotes.pptxChapter-2-Control-Audit-Security-ioenotes.pptx
Chapter-2-Control-Audit-Security-ioenotes.pptx
 
Data Security Solutions @ISACA LV Chapter Meeting 15.05.2013 SIEM based …
Data Security Solutions @ISACA LV Chapter Meeting 15.05.2013   SIEM based …Data Security Solutions @ISACA LV Chapter Meeting 15.05.2013   SIEM based …
Data Security Solutions @ISACA LV Chapter Meeting 15.05.2013 SIEM based …
 
The Basics of Security and Risk Analysis
The Basics of Security and Risk AnalysisThe Basics of Security and Risk Analysis
The Basics of Security and Risk Analysis
 
Meletis BelsisManaging and enforcing information security
Meletis BelsisManaging and enforcing information securityMeletis BelsisManaging and enforcing information security
Meletis BelsisManaging and enforcing information security
 
IM Unit 4 Security and its a control.ppt
IM Unit 4 Security and its a control.pptIM Unit 4 Security and its a control.ppt
IM Unit 4 Security and its a control.ppt
 
Database development and security certification and accreditation plan pitwg
Database development and security certification and accreditation plan  pitwgDatabase development and security certification and accreditation plan  pitwg
Database development and security certification and accreditation plan pitwg
 
Ch06 Policy
Ch06 PolicyCh06 Policy
Ch06 Policy
 
Information Security Identity and Access Management Administration 07072016
Information Security   Identity and Access Management Administration 07072016Information Security   Identity and Access Management Administration 07072016
Information Security Identity and Access Management Administration 07072016
 
محتويات مادة آمن الشبكات
محتويات مادة آمن الشبكاتمحتويات مادة آمن الشبكات
محتويات مادة آمن الشبكات
 
Security and Control.ppt
Security and Control.pptSecurity and Control.ppt
Security and Control.ppt
 

Kürzlich hochgeladen

1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi  6.pdf1029-Danh muc Sach Giao Khoa khoi  6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdfQucHHunhnh
 
Measures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and ModeMeasures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and ModeThiyagu K
 
The basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxThe basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxheathfieldcps1
 
Paris 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activityParis 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activityGeoBlogs
 
A Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformA Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformChameera Dedduwage
 
Ecosystem Interactions Class Discussion Presentation in Blue Green Lined Styl...
Ecosystem Interactions Class Discussion Presentation in Blue Green Lined Styl...Ecosystem Interactions Class Discussion Presentation in Blue Green Lined Styl...
Ecosystem Interactions Class Discussion Presentation in Blue Green Lined Styl...fonyou31
 
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions  for the students and aspirants of Chemistry12th.pptxOrganic Name Reactions  for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptxVS Mahajan Coaching Centre
 
JAPAN: ORGANISATION OF PMDA, PHARMACEUTICAL LAWS & REGULATIONS, TYPES OF REGI...
JAPAN: ORGANISATION OF PMDA, PHARMACEUTICAL LAWS & REGULATIONS, TYPES OF REGI...JAPAN: ORGANISATION OF PMDA, PHARMACEUTICAL LAWS & REGULATIONS, TYPES OF REGI...
JAPAN: ORGANISATION OF PMDA, PHARMACEUTICAL LAWS & REGULATIONS, TYPES OF REGI...anjaliyadav012327
 
Q4-W6-Restating Informational Text Grade 3
Q4-W6-Restating Informational Text Grade 3Q4-W6-Restating Informational Text Grade 3
Q4-W6-Restating Informational Text Grade 3JemimahLaneBuaron
 
Disha NEET Physics Guide for classes 11 and 12.pdf
Disha NEET Physics Guide for classes 11 and 12.pdfDisha NEET Physics Guide for classes 11 and 12.pdf
Disha NEET Physics Guide for classes 11 and 12.pdfchloefrazer622
 
Separation of Lanthanides/ Lanthanides and Actinides
Separation of Lanthanides/ Lanthanides and ActinidesSeparation of Lanthanides/ Lanthanides and Actinides
Separation of Lanthanides/ Lanthanides and ActinidesFatimaKhan178732
 
9548086042 for call girls in Indira Nagar with room service
9548086042  for call girls in Indira Nagar  with room service9548086042  for call girls in Indira Nagar  with room service
9548086042 for call girls in Indira Nagar with room servicediscovermytutordmt
 
microwave assisted reaction. General introduction
microwave assisted reaction. General introductionmicrowave assisted reaction. General introduction
microwave assisted reaction. General introductionMaksud Ahmed
 
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptxPOINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptxSayali Powar
 
Student login on Anyboli platform.helpin
Student login on Anyboli platform.helpinStudent login on Anyboli platform.helpin
Student login on Anyboli platform.helpinRaunakKeshri1
 
Beyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global ImpactBeyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global ImpactPECB
 
Activity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdfActivity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdfciinovamais
 
APM Welcome, APM North West Network Conference, Synergies Across Sectors
APM Welcome, APM North West Network Conference, Synergies Across SectorsAPM Welcome, APM North West Network Conference, Synergies Across Sectors
APM Welcome, APM North West Network Conference, Synergies Across SectorsAssociation for Project Management
 

Kürzlich hochgeladen (20)

1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi  6.pdf1029-Danh muc Sach Giao Khoa khoi  6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdf
 
Measures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and ModeMeasures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and Mode
 
The basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxThe basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptx
 
Paris 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activityParis 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activity
 
Advance Mobile Application Development class 07
Advance Mobile Application Development class 07Advance Mobile Application Development class 07
Advance Mobile Application Development class 07
 
A Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformA Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy Reform
 
Ecosystem Interactions Class Discussion Presentation in Blue Green Lined Styl...
Ecosystem Interactions Class Discussion Presentation in Blue Green Lined Styl...Ecosystem Interactions Class Discussion Presentation in Blue Green Lined Styl...
Ecosystem Interactions Class Discussion Presentation in Blue Green Lined Styl...
 
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx

ICAB - ITA Chapter 5 class 7-8 - Controls and Standards

1. IT APPLICATIONS
Professional Stage Application Level, ICAB
Teacher: Mohammad Abdul Matin
Chapter 5: Controls and Standards

2. Chapter Outline
• Information System Security Controls
• Physical Security Controls
• Logical Security Controls
• Control and Standard for Information Integrity
• Control and Standard for Information Access Control
• Control and Standard for Computer Audit
• Control and Standard for System Implementation Phase
• Control and Standard for System Maintenance and Evaluation
• Risks of IT Systems
• Controls for Personal Systems

3. Syllabus
• In the examination, candidates may be required to
   a. describe in detail the controls and standards which are applied to information systems for the purpose of audit and security (regulatory and management controls, computer risk management, backup procedures, controls over data integrity, computer audit, passwords and logical access systems, personal security planning)
   b. explain the risks to IT systems from hackers and viruses

4. Types of Security Control
• Physical Security Controls: Lock | Access Control | Fire Protection
• Logical Security Controls: Authentication | Anti Virus | Encryption
• Environmental Controls: Security Policy | SOP | License | AMC | Warranty
• Information System Operating Controls: Performance | Completion | Accuracy | Backup & Restore

5. Information System Security Policy
• Information System (IS): the hardware, network, software, applications and databases involved in recording, processing, analyzing, storing and reporting information.
• IS Security Policy: high-level statements setting out goals for the control and security of Information Systems, which also…
   – specify who is responsible for implementation
   – are established by management and approved by the Board
   – do not lay down detailed control procedures or SOPs

6. Sections of a Security Policy
• Purpose & Responsibility: provides guidelines on information processing, reporting, MIS, etc. for management and the Board
• System Procurement & Development: guides system life-cycle management, from evaluation and procurement through to monitoring
• Access Terminals: defines access authorization and the processes by which management accesses the information systems
• Equipment & Information Security: explains equipment & environment, information & communication security, contingency & recovery
• Service Bureau Programs: outlines the engagement framework and service levels for development and management

7. IS Security Standards
• The minimum criteria, rules and procedures established in an organization that must be implemented to ensure the objectives of the IS Security Policy are achieved. The IS Security Standards…
   – are implemented under the direction of Management
   – specify the detailed requirements of each IS control, e.g. length of passwords, construction of passwords, backup retention period, etc.
   – are not specific to any particular computer platform; they are more generally applicable

8. Physical Security Controls
• Physical Locks
• Security Guards
• Video Surveillance Cameras
• General Emergency and Detection Controls
• Heating, Ventilation and Cooling Systems
• Insurance Coverage
• Periodic Backups
• Emergency Power and UPS
• Business Resumption Programs
• Backup System Security Administrator

9. Logical Security Controls
• User ID and Passwords
• Remote Access Controls
   – Dedicated Leased Lines
   – Automatic Dial-back
   – Secure Socket Layer (SSL)
   – Multifactor Authentication
   – Virtual Private Network (VPN)
• Computer Operations Audit
• Backup and Recovery Procedures
• Integrity / Completeness Checks

10. Control & Standards for Information Integrity
• Policy & Procedures
   – Formal documented policy addressing purpose, scope, roles, committees, coordination among entities, etc.
   – Formal guideline on the process of establishing the information integrity policy
• Flaw Remediation
   – Establishing a process for proactive identification, reporting and addressing of flaws/vulnerabilities (which would otherwise surface as errors or faults)
   – Patch management, system updates, service packs, etc.

11. Control & Standards for Information Integrity (cont.)
• Malicious Code Protection
   – Gateway filtering/protection for email, web and removable media
   – Software for in-depth protection
• Security Alerts and Advisories
   – Following and keeping up to date with the major alert feeds
• Security Functionality Verification
   – Monitoring and notification system for automated security test failures or exposed vulnerabilities
• Software and Information Integrity
   – Software integrity through version control, release management, etc.
   – Master Data Management (MDM)

12. Control & Standards for Information Integrity (cont.)
• Spam Protection
   – Spam protection in gateways, messaging, servers and devices
   – Keeping the spam signature database updated
   – Combining multiple products to strengthen protection
• Information Input Restrictions
   – Role-based authorization, location/schedule-based access, etc.
• Information Input Accuracy, Completeness, Validity and Authenticity
   – Input validation based on format, context, length, source, etc.
   – Completeness check based on the transaction definition, etc.
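The input-accuracy and completeness controls on slide 12 in code, as an added example that is not part of the lecture material: a constructed transaction definition drives format, length, source and completeness checks, and the field names, channel names and rules are assumptions.

```python
"""Input accuracy / completeness checks driven by a transaction definition.

Added example, not from the ICAB slides. The definition, the field
names and the allowed submission channels are all constructed.
"""
import re

# Constructed transaction definition: field -> (format regex, max length, required?)
TRANSFER_DEF = {
    "account_no": (r"\d{10,16}", 16, True),
    "amount":     (r"\d+(\.\d{1,2})?", 12, True),
    "currency":   (r"[A-Z]{3}", 3, True),
    "memo":       (r"[\w .,-]*", 60, False),
}
# Source check: only these (assumed) channels may submit a transfer.
ALLOWED_SOURCES = {"branch_terminal", "internet_banking"}


def validate_transaction(txn: dict, source: str, definition=TRANSFER_DEF) -> list:
    """Return the list of failed controls; an empty list means the input is accepted."""
    errors = []
    if source not in ALLOWED_SOURCES:
        errors.append(f"source '{source}' not authorised to submit this transaction")
    # Completeness: every mandatory field of the transaction definition must be present.
    for field, (_, _, required) in definition.items():
        if required and field not in txn:
            errors.append(f"missing required field '{field}'")
    # Accuracy / validity: every supplied field must be known and match format and length.
    for field, value in txn.items():
        if field not in definition:
            errors.append(f"unexpected field '{field}'")
            continue
        pattern, max_len, _ = definition[field]
        if not isinstance(value, str):
            errors.append(f"{field}: value must be a string")
            continue
        if len(value) > max_len:
            errors.append(f"{field}: exceeds {max_len} characters")
        if not re.fullmatch(pattern, value):
            errors.append(f"{field}: fails format check")
    return errors


if __name__ == "__main__":
    # Constructed sample input: one compliant transfer and one that breaks several controls.
    good = {"account_no": "1234567890", "amount": "100.50", "currency": "BDT", "memo": "rent"}
    bad = {"account_no": "12AB", "amount": "1e9", "memo": "x" * 61}
    print(validate_transaction(good, "internet_banking"))
    print(validate_transaction(bad, "email"))
```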
13. Control & Standards for Information Access Control
• Access Control Policy and Procedures
   – Formal document outlining the information access policy
• Identification and Authentication Policy & Procedures
   – Access identification guidelines formally documented
• Account Management
   – User / group / system ID definitions with an authorization matrix
   – Account add/move/delete processes and procedures
• Account Review
   – Automated account and access audit
   – Reviewing, analyzing and reporting on audit records

14. Control & Standards for Information Access Control (cont.)
• User Identification and Authentication
   – User authentication with single-factor and multifactor verification
• Device Identification and Authentication
   – Bidirectional negotiation and authentication of devices
• Passwords
   – Changing default passwords
   – Complexity of passwords
   – Expiration and reuse of passwords
   – Keeping passwords distinct from login IDs
   – Control and logging of master passwords
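The password controls on slide 14, with the concrete thresholds that slide 7 says a standard should fix (length, construction, reuse depth, maximum age), as an added example that is not part of the lecture material; the thresholds, the default-password list and the salt are assumptions.

```python
"""Password standard checker: default changed, complexity, no login ID,
no reuse within history, expiry. Added example, not from the ICAB slides;
all threshold values and the default-password list are assumed.
"""
import hashlib
import hmac
import re
from datetime import date, timedelta

# Assumed standard values (the kind of detail slide 7 leaves to the standard).
MIN_LENGTH = 12
MAX_AGE_DAYS = 90
HISTORY_DEPTH = 5          # number of previous passwords that may not be reused
DEFAULT_PASSWORDS = {"password", "admin", "changeme", "welcome1"}  # constructed list


def _digest(password: str, salt: bytes) -> bytes:
    """Password history is kept as salted PBKDF2 hashes, never clear text."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def check_password(user_id: str, new_password: str, history: list, salt: bytes) -> list:
    """Return the list of violated controls; an empty list means the password is compliant.

    history: salted digests of previous passwords, oldest first.
    """
    violations = []
    pw = new_password
    if pw.lower() in DEFAULT_PASSWORDS:
        violations.append("default password must be changed")
    if len(pw) < MIN_LENGTH:
        violations.append(f"length < {MIN_LENGTH}")
    # Construction rule: at least three of the four character classes.
    classes = [r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]"]
    if sum(bool(re.search(c, pw)) for c in classes) < 3:
        violations.append("needs 3 of: lower, upper, digit, symbol")
    if user_id.lower() in pw.lower():
        violations.append("password contains login ID")
    new_hash = _digest(pw, salt)
    # Constant-time comparison against the most recent HISTORY_DEPTH digests.
    if any(hmac.compare_digest(new_hash, old) for old in history[-HISTORY_DEPTH:]):
        violations.append(f"reused within last {HISTORY_DEPTH} passwords")
    return violations


def is_expired(last_changed: date, today: date) -> bool:
    """Expiration control: a password older than MAX_AGE_DAYS must be changed."""
    return today - last_changed > timedelta(days=MAX_AGE_DAYS)
```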
15. Questions
• Explain the physical security controls and logical security controls.
• What do you mean by Information System Security Standards?