FUNDAMENTAL OF COMPUTER AUDIT
INTERNAL AUDIT
An independent, objective assurance and advisory activity
Designed to add value and improve an organization’s operations
Computing Audit & Risk Management
Incident management response process
Classifying business value of data
Risk assessments on internal systems
Security Audits
Governance, risk and compliance
AUDIT PROCESS
Testing
Backup & Recovery
Critical Data
Resource Management
Web Site
Security
Remote Vulnerability Scans
On-Site, Follow-up Vulnerability Tests
Reporting
Observation
When unexpected results are noted
Recommendation
To improve controls
Management Action Plan
Develop Plans, Schedules, and Priorities
Findings
Final Report sent to BOARD
Follow-up
Follow-Up Actions are Based on Your “Management Action Plan”
Progress is Monitored
Some Re-Testing May be Necessary
Board of Visitors is Updated
Audit is closed
Planning
Annual Risk Assessment
Preliminary Audit Plan
Board of Visitors Approval
Notification and Request for Information
Understand Your Risks and Controls
COMMON AUDIT OBSERVATIONS
Weak Security Settings
Windows Operating System
Missing Security Patches
Operating Systems
Applications
Databases
Misconfigured Anti-Malware Tools
Out-of-Date Threat Signatures
Scans Not Scheduled
Inadequate Access Controls
Weak Passwords & File Permissions
Open Communication Ports
The Hacker’s Point of Entry
DO'S
Harden Security Settings
Keep Everything Patched
Install and Use Anti-Malware Tools
Enforce Strong Passwords
Close or Filter Communication Ports
Test Your Systems
Support Your System Administrator