Mobile computing devices for business purposes must safeguard the equipment in
In possession of laptop, portable computer, personal digital assistant, or
Housed off-site at a safe distance from the main site in order to avoid damageĪrising from a disaster at the main site. Media containing business essential and/or mission critical information must be Other reasons, in order to minimize the extent of loss and disruption. Protection from disaster and security threats, whether natural or caused by Risk Management Certification Physical SecurityĬenters and computer rooms must have good physical security and strong Get certified in Risk Management through our completely on-line training system. Retention, archival, and disposal standards and procedures Storage, alternate processing strategies, and crisis management plans Related to malicious software (virus’s & worms)įor business continuity, including site and application recovery plans, supporting backup and recovery processes, offsite Of unauthorized and unsuccessful attempts to access applications and
Thresholds for maximum sign-on attempts, and password change controls Regarding identification and authentication, including inactive session limits, Information creation, transmittal, storage, backup, archival, recovery or Regarding access to resources (network, system, applications, data) during Regarding access to buildings and sensitive areas With respect to these audits, inspection of theįollowing items would appear to be reasonable: Under normal circumstances auditors conduct IT type audits to inspect and to ensure that the company adequately protects information. It provides items to review during the audit and question to ask.
This article covers IT Audit Tool and Guide.