AllBestEssays.com - All Best Essays, Term Papers and Book Report
Search

System Security Audit

Essay by   •  January 9, 2012  •  Essay  •  387 Words (2 Pages)  •  1,454 Views

Essay Preview: System Security Audit

Report this essay
Page 1 of 2

System Security Audit

Organizations today have come to heavily rely on Information systems for achieving their business objectives. IT is no longer a support service, it is integrated with every business to such an extent that business cannot be looked up separately from IT. The extent of their reliance is such that any IT failure would mean business is disrupted.

For Ex: if there is a network failure, ATM infrastructure of a Bank would be affected, data centre failure for a stock exchange would be no business transactions can go through.

Also wide spread use of technology has given rise to new risks. Ex: there were no threats from virus till things were being done manually.

Thus a need has arisen to address issues pertaining to system security so that organizations assets could be protected and business objectives could be met.

A System Security Audit is a manual or systematic measurable technical assessment of a system or application.

System Security Audit provides real-time monitoring of system related activities and initiates responses to potential threats. It can respond to threats in real-time by triggering alerts and taking immediate corrective action. It gives organizations the flexibility to audit only the critical events they deem necessary, eliminating the fear of DASD usage.

The main objective is to ensure that the organization's information technology and business systems are adequately controlled, monitored and assessed.

The system security audit covers the review of data security in business applications from confidentiality and integrity point of view, as well as the assessment of built-in controls and system's integrity.

For financial institutions the system audits are required by the law. Thus in case of such reviews, we review the compliance with the relevant law and regulations.

Maintaining Security

Maintaining security is an ongoing process and is something that must be reviewed and revisited periodically. Maintaining a secure system requires vigilance because the default security configuration for any system tends to become increasingly open over time.

The controls used to achieve security are many and varied. In order to assess the level of security required, it is necessary to identify the risk which applies to your system installation. After identifying the risks, select those controls which will provide the appropriate level of security for the data, systems and organization.

The following areas of the system activity should be monitored on a regular basis:

1. Access controls

2. System Activity monitoring

3. Audit trail

...

...

Download as:   txt (2.5 Kb)   pdf (54.5 Kb)   docx (9.6 Kb)  
Continue for 1 more page »
Only available on AllBestEssays.com