SlideShare a Scribd company logo

Audit of it infrastructure

Download as PPT, PDF
P
pramod_kmr73

The document discusses auditing IT infrastructure including hardware, networks, and telecommunications devices. It provides details on objectives of IT audits such as assessing continuity, management/maintenance, and security of systems. It also discusses standards and guidelines for auditing such as CobiT, ISO 27001, and reviewing hardware assets, network design, security, backups, and telecommunication agreements and invoices.

Technology
1 of 32
Downloaded 1,712 times
1
2
3
Most read
4
5
6
7
8
Most read
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
Most read
24
25
26
27
28
29
30
31
32
Audit of IT infrastructure Hardware, Network and Telecommunications Devices
What is IT Audit Examination of the controls within an Information technology (IT) infrastructure. Process of collecting and evaluating evidence of an organization's IT infrastructure. Understanding and evaluating each control. Assess compliance. Substantiate the risk of controls not being met.
Why IT Audit? Ensuring servers to be properly configured for both efficiency and security. Looking for hardware specific productivity drains. Obtain an asset listing of all hardware. L ooking for causes of frequent problems. E nsuring backup systems are adequate, monitored, tested regularly. Determining risks to information assets. Assessing controls in order to reduce or mitigate these risks.
Objectives of IT Audit? Continuity (consistent reliability and availability of system -- back-up and ability to recover) Management and Maintenance (additions, change procedures, upgrades, and documentation) Security (appropriate physical and logical access to network devices and hosts)
Perspectives of IS Audit
ISACA - CobiT Generally applicable and accepted international standard for good practices for IT controls based on ISACA ’s existing Control Objectives three specific audiences management, users, and auditors.
ISACA - CobiT provides detailed Audit Guidelines for auditors to follow in performing information systems audits Audit Guidelines provide a complementary tool to enable the easy application of the Framework and Control Objectives within audit activities objectives of auditing provide management with reasonable assurance that control objectives are being met where there are significant control weaknesses, to substantiate the resulting risks Advise management on corrective actions needed
ISO:IEC 27001 2005 International Organisation for Standardization International Electrotechnical Commission Provided a model for Establishing Implementing Operating Monitoring Reviewing and Improving Information Security Management System
ISO:IEC 27001 2005 PDCA model Plan  Establish ISMS Do  Implement and Operate Check  Monitor and Review Act  Maintain and improve
ISO:IEC 27001 2005 Control Objectives Control The policies, procedures, practices and organisational structures designed to provide reasonable assurance that business objectives will be achieved and undesired events will be prevented or detected and corrected Control Objective A statement of the desired result or purpose to be achieved by implementing control practices in a particular IT activity
ISO:IEC 27001 2005 Control The information security policy is being reviewed at planned intervals or if significant changes occur to ensure its continuing suitability, adequacy, and effectiveness. Review of the information security policy A.5.1.2 Control An information security policy document has been approved by management, and published and communicated to all employees and relevant external parties. The latest version of this document is available for all employees on the ABC Company’s internal network. Information security policy document A.5.1.1 A.5.1 Information security policy Objective: To provide management direction and support for information security in accordance with business requirements and relevant laws and regulations. A.5 Security policy
ISO:IEC 27001 2005 Control Rules for the acceptable use of information and assets associated with information processing facilities are identified, documented, and implemented. Acceptable use of assets A.7.1.3 Control All information and assets associated with information processing facilities are ‘owned’ by a designated part of the organization. Ownership of assets A.7.1.2 Control All assets are clearly identified and an inventory of all-important assets drawn up and maintained. The Classification of Assets is as per the guidelines laid out in Procedure on Risk Assessment. Rules of classification take asset value and importance into account. A list of assets including the owner and relevant details is kept with the respective functional departments. Additional asset details are maintained by the Admin Department for the purposes of audit and keeping track of assets. Inventory of assets A.7.1.1 A.7.1 Responsibility for assets Objective: To achieve and maintain appropriate protection of organizational assets. A.7 Asset management
Information Systems Hardware Infrastructure
Auditing Hardware Hardware asset listing (for your accounting/budgeting and equipment lifecycle planning). Analysis of Environmental conditions for equipment including heat and power protection. Network design analysis and network diagram (improves support response times with your IT provider). Report on appropriateness of hardware in all PC-based equipment (and how that impacts performance).
Auditing Hardware Report on server hardware appropriateness, performance, levels of redundancy (and any associated risks). Analysis of Server configuration (and any areas not done properly and if/why they are important). Security Analysis on multiple levels. Backup systems hardware, software, data sets, disaster readiness and risks.
ISO:IEC 27001 2005 Control Equipment are correctly maintained to ensure its continued availability and integrity. Equipment maintenance A.9.2.4 Control Power and telecommunications cabling carrying data or supporting information services are protected from interception or damage. Cabling security A.9.2.3 Control Security features, service levels, and management requirements of all network services are identified and included in any network services agreement, whether these services are provided in-house or outsourced. Security of network services A.10.6.2 Control Networks are adequately managed and controlled, in order to be protected from threats, and to maintain security for the systems and applications using the network, including information in transit. Network controls A.10.6.1 A.10.6 Network security management Objective: To ensure the protection of information in networks and the protection of the supporting infrastructure.
Routing controls are implemented for networks to ensure that computer connections and information flows do not breach the access control policy of the business applications. Network routing control A.11.4.7 For shared networks, especially those extending across the organization’s boundaries, the capability of users to connect to the network shall be restricted, in line with the access control policy and requirements of the business applications Network connection control A.11.4.6 Groups of information services, users, and information systems are segregated on networks. Segregation in networks A.11.4.5 Physical and logical access to diagnostic and configuration ports shall be controlled. Remote diagnostic and configuration port protection A.11.4.4 Automatic equipment identification is considered as a means to authenticate connections from specific locations and equipment. Equipment identification in the network A.11.4.3 Appropriate authentication methods shall be used to control access by remote users. User authentication for external connections A.11.4.2 Users shall only be provided with access to the services that they have been specifically authorized to use. Policy on use of network services A.11.4.1 A.11.4 Network access control Objective: To prevent unauthorized access to networked services.
Information Systems Network & Telecommunication Infrastructure
Auditing Networks
Network Vulnerabilities & Controls
Auditing Networks Review network policies and procedures Review network diagrams (layer 1 & 2), design, and walk-through, list of network equipment and IP address list Verify diagrams with Ping and Trace Route Review utilization, trouble reports & helpdesk procedures
Auditing Networks Probe systems (Netscan tools and Portscanner) Interview network vendors, users, and network technicians Review software settings on network equipment Inspect computer room and network locations Evaluate back-up and operational procedures Identify the paths and equipment used to navigate the network Identify TCP/IP infrastructure areas of concern
Auditing Networks Break into manageable pieces Every network is different and the components and risks must be fully understood Identify risks and prioritize Dedicate more upfront planning RELAX !! It’s not that bad !
Routers Inappropriate addresses or dangerous protocols accessing hosts/servers Inappropriate addresses conducting router maintenance Unauthenticated or trusted services used for maintenance Damaged router/network device configuration
Routers Failed upgrades or changes Not capturing network events Default passwords and clear text passwords transmitted over the network No console password
Firewalls Network Address Translation Intrusion Detection Systems (IDS) Virtual Private Networks (VPN) Demilitarised Zone (DMZ) Proxy Server
Firewalls Obtain Firewall Security policy Identify the services Identify logging procedure Identify configuration management process
Firewall Review Authentication controls DMZ Procedure for Device administration Procedure to review the logs Risk Management procedure Physical access control to firewall
Telecommunication Audit
Telecommunication Audit Assessment of an organization’s telecommunication environment. Telecom Audit defines the act of conducting a review, examination and reconciliation of Telecom Wireless Network customer service records Invoicing Contract agreements in order to ensure the accuracy of budgetary forecasting.
Telecommunication Audit Communications equipment such as PBX's Voice mail systems IVRs Telephone lines Leased lines are assessed to determine if they meet current business requirements and if possible alternate solutions should be considered.
 

More Related Content

ODP
Des
Anshul Sharma
 
PPT
IT System & Security Audit
Mufaddal Nullwala
 
PDF
Microsoft Windows Server 2022 Overview
David J Rosenthal
 
PPT
Computer hardware: a class presentation
Selim Reza Bappy
 
PPTX
Finance Case studies
Acharya Institute of Graduate Studies
 
PPTX
Auditing SOX ITGC Compliance
seanpizzy
 
PPTX
Cloud computing and data security
Mohammed Fazuluddin
 
PPTX
ARTIFACTS IN ECHO-1.pptx
AnayaAnaya14
 
Des
Anshul Sharma
 
IT System & Security Audit
Mufaddal Nullwala
 
Microsoft Windows Server 2022 Overview
David J Rosenthal
 
Computer hardware: a class presentation
Selim Reza Bappy
 
Finance Case studies
Acharya Institute of Graduate Studies
 
Auditing SOX ITGC Compliance
seanpizzy
 
Cloud computing and data security
Mohammed Fazuluddin
 
ARTIFACTS IN ECHO-1.pptx
AnayaAnaya14
 

What's hot (20)

PPT
The information security audit
Dhani Ahmad
 
PPTX
It audit methodologies
Salih Islam
 
PDF
Cisa domain 1
Ismail aboulezz
 
PPT
Security audit
Rosaria Dee
 
PDF
SOC-2 Compliance Status Report sample v10.0
Mark S. Mahre
 
PDF
CISA Domain 3 - Information Systems Acquisition, Development and Implementation
InfosecTrain
 
PPTX
Iso 27001 isms presentation
Midhun Nirmal
 
PDF
Cyber Security Governance
Priyanka Aash
 
PPTX
IT Audit For Non-IT Auditors
Ed Tobias
 
PDF
IT General Controls Presentation at IIA Vadodara Audit Club
Kaushal Trivedi
 
PDF
Steps to iso 27001 implementation
Ralf Braga
 
PPTX
Isms
penetration Tester
 
PPTX
Information System Architecture and Audit Control Lecture 1
Yasir Khan
 
PDF
ISO27001: Implementation & Certification Process Overview
Shankar Subramaniyan
 
PDF
ISO 27001
n|u - The Open Security Community
 
PPTX
CISA Training - Chapter 5 - 2016
Hafiz Sheikh Adnan Ahmed
 
PDF
Basics in IT Audit and Application Control Testing
Dinesh O Bareja
 
PDF
CISA Domain 4 Information Systems Operation | Infosectrain
InfosecTrain
 
PDF
What is ISO 27001 ISMS
Business Beam
 
PPTX
Project plan for ISO 27001
technakama
 
The information security audit
Dhani Ahmad
 
It audit methodologies
Salih Islam
 
Cisa domain 1
Ismail aboulezz
 
Security audit
Rosaria Dee
 
SOC-2 Compliance Status Report sample v10.0
Mark S. Mahre
 
CISA Domain 3 - Information Systems Acquisition, Development and Implementation
InfosecTrain
 
Iso 27001 isms presentation
Midhun Nirmal
 
Cyber Security Governance
Priyanka Aash
 
IT Audit For Non-IT Auditors
Ed Tobias
 
IT General Controls Presentation at IIA Vadodara Audit Club
Kaushal Trivedi
 
Steps to iso 27001 implementation
Ralf Braga
 
Isms
penetration Tester
 
Information System Architecture and Audit Control Lecture 1
Yasir Khan
 
ISO27001: Implementation & Certification Process Overview
Shankar Subramaniyan
 
ISO 27001
n|u - The Open Security Community
 
CISA Training - Chapter 5 - 2016
Hafiz Sheikh Adnan Ahmed
 
Basics in IT Audit and Application Control Testing
Dinesh O Bareja
 
CISA Domain 4 Information Systems Operation | Infosectrain
InfosecTrain
 
What is ISO 27001 ISMS
Business Beam
 
Project plan for ISO 27001
technakama
 
Ad

Similar to Audit of it infrastructure (20)

PPT
It Audit And Forensics
JED Consulting Services LLC
 
ODP
Securing control systems v0.4
CrispnCrunch
 
PPT
industrialcontrolsystemscybersecurity-230201070859-90cfc987 (1).ppt
JotiramShinde4
 
PDF
Segregation of IT and OT Networks across organization
NaveedQuadri3
 
PPTX
chp unit 1 Provide Network System Administration.pptx
TadeseBeyene
 
PPTX
Secure Software Development Best Practices
Joe Orlando
 
PDF
Standards based security for energy utilities
Nirmal Thaliyil
 
DOCX
Comprehensive Guide to Infrastructure Monitoring with Key Benefits and Best P...
HEX64
 
PDF
Best practices for building network operations center
Satish Chavan
 
PPT
27001 2013 iso geek
officialmanager
 
PPTX
Resove network problem.pptx
TadeseBeyene
 
PPTX
Technology Audit | IT Audit | ERP Audit | Database Security
Arish Roy
 
PPTX
Auditing of Computer-Based Information Systems.pptx
mayada34
 
PDF
Advantages And Disadvantages Of Nc
Kristen Wilson
 
DOCX
A Comprehensive Guide to Ensuring Optimal Network Health with Network Operati...
HEX64
 
PPTX
Network Management, Monitoring and Control.pptx
MaryOyebanji
 
PPTX
Network management
Manali Wadnerkar
 
PPT
Auditing Check Point Firewalls
Ben Rothke
 
PPTX
Continual Compliance for PCI DSS, E13PA and ISO 27001/2
ControlCase
 
PPTX
Security auditing architecture
Vishnupriya T H
 
It Audit And Forensics
JED Consulting Services LLC
 
Securing control systems v0.4
CrispnCrunch
 
industrialcontrolsystemscybersecurity-230201070859-90cfc987 (1).ppt
JotiramShinde4
 
Segregation of IT and OT Networks across organization
NaveedQuadri3
 
chp unit 1 Provide Network System Administration.pptx
TadeseBeyene
 
Secure Software Development Best Practices
Joe Orlando
 
Standards based security for energy utilities
Nirmal Thaliyil
 
Comprehensive Guide to Infrastructure Monitoring with Key Benefits and Best P...
HEX64
 
Best practices for building network operations center
Satish Chavan
 
27001 2013 iso geek
officialmanager
 
Resove network problem.pptx
TadeseBeyene
 
Technology Audit | IT Audit | ERP Audit | Database Security
Arish Roy
 
Auditing of Computer-Based Information Systems.pptx
mayada34
 
Advantages And Disadvantages Of Nc
Kristen Wilson
 
A Comprehensive Guide to Ensuring Optimal Network Health with Network Operati...
HEX64
 
Network Management, Monitoring and Control.pptx
MaryOyebanji
 
Network management
Manali Wadnerkar
 
Auditing Check Point Firewalls
Ben Rothke
 
Continual Compliance for PCI DSS, E13PA and ISO 27001/2
ControlCase
 
Security auditing architecture
Vishnupriya T H
 
Ad

Recently uploaded (20)

PDF
Brief History of Internet - Early Days of Internet
sutharharshit158
 
PDF
MASTERDECK GRAPHSUMMIT SYDNEY (Public).pdf
Neo4j
 
PDF
CIFDAQ's Market Wrap : Bears Back in Control?
CIFDAQ
 
PDF
AI-Cloud-Business-Management-Platforms-The-Key-to-Efficiency-Growth.pdf
Artjoker Software Development Company
 
PDF
SparkLabs Primer on Artificial Intelligence 2025
SparkLabs Group
 
PDF
Research-Fundamentals-and-Topic-Development.pdf
ayesha butalia
 
PPTX
AI in Daily Life: How Artificial Intelligence Helps Us Every Day
vanshrpatil7
 
PPTX
New ThousandEyes Product Innovations: Cisco Live June 2025
ThousandEyes
 
PDF
How Open Source Changed My Career by abdelrahman ismail
a0m0rajab1
 
PDF
Unlocking the Future- AI Agents Meet Oracle Database 23ai - AIOUG Yatra 2025.pdf
Sandesh Rao
 
PDF
Structs to JSON: How Go Powers REST APIs
Emily Achieng
 
PDF
OFFOFFBOX™ – A New Era for African Film | Startup Presentation
ambaicciwalkerbrian
 
PDF
Get More from Fiori Automation - What’s New, What Works, and What’s Next.pdf
Precisely
 
PPTX
Dev Dives: Automate, test, and deploy in one place—with Unified Developer Exp...
AndreeaTom
 
PDF
Using Anchore and DefectDojo to Stand Up Your DevSecOps Function
Anchore
 
PPTX
Simple and concise overview about Quantum computing..pptx
mughal641
 
PDF
A Strategic Analysis of the MVNO Wave in Emerging Markets.pdf
IPLOOK Networks
 
PDF
Google I/O Extended 2025 Baku - all ppts
HusseinMalikMammadli
 
PPTX
Introduction to Flutter by Ayush Desai.pptx
ayushdesai204
 
PDF
NewMind AI Weekly Chronicles - July'25 - Week IV
NewMind AI
 
Brief History of Internet - Early Days of Internet
sutharharshit158
 
MASTERDECK GRAPHSUMMIT SYDNEY (Public).pdf
Neo4j
 
CIFDAQ's Market Wrap : Bears Back in Control?
CIFDAQ
 
AI-Cloud-Business-Management-Platforms-The-Key-to-Efficiency-Growth.pdf
Artjoker Software Development Company
 
SparkLabs Primer on Artificial Intelligence 2025
SparkLabs Group
 
Research-Fundamentals-and-Topic-Development.pdf
ayesha butalia
 
AI in Daily Life: How Artificial Intelligence Helps Us Every Day
vanshrpatil7
 
New ThousandEyes Product Innovations: Cisco Live June 2025
ThousandEyes
 
How Open Source Changed My Career by abdelrahman ismail
a0m0rajab1
 
Unlocking the Future- AI Agents Meet Oracle Database 23ai - AIOUG Yatra 2025.pdf
Sandesh Rao
 
Structs to JSON: How Go Powers REST APIs
Emily Achieng
 
OFFOFFBOX™ – A New Era for African Film | Startup Presentation
ambaicciwalkerbrian
 
Get More from Fiori Automation - What’s New, What Works, and What’s Next.pdf
Precisely
 
Dev Dives: Automate, test, and deploy in one place—with Unified Developer Exp...
AndreeaTom
 
Using Anchore and DefectDojo to Stand Up Your DevSecOps Function
Anchore
 
Simple and concise overview about Quantum computing..pptx
mughal641
 
A Strategic Analysis of the MVNO Wave in Emerging Markets.pdf
IPLOOK Networks
 
Google I/O Extended 2025 Baku - all ppts
HusseinMalikMammadli
 
Introduction to Flutter by Ayush Desai.pptx
ayushdesai204
 
NewMind AI Weekly Chronicles - July'25 - Week IV
NewMind AI
 

Audit of it infrastructure

  • 1. Audit of IT infrastructure Hardware, Network and Telecommunications Devices
  • 2. What is IT Audit Examination of the controls within an Information technology (IT) infrastructure. Process of collecting and evaluating evidence of an organization's IT infrastructure. Understanding and evaluating each control. Assess compliance. Substantiate the risk of controls not being met.
  • 3. Why IT Audit? Ensuring servers to be properly configured for both efficiency and security. Looking for hardware specific productivity drains. Obtain an asset listing of all hardware. L ooking for causes of frequent problems. E nsuring backup systems are adequate, monitored, tested regularly. Determining risks to information assets. Assessing controls in order to reduce or mitigate these risks.
  • 4. Objectives of IT Audit? Continuity (consistent reliability and availability of system -- back-up and ability to recover) Management and Maintenance (additions, change procedures, upgrades, and documentation) Security (appropriate physical and logical access to network devices and hosts)
  • 6. ISACA - CobiT Generally applicable and accepted international standard for good practices for IT controls based on ISACA ’s existing Control Objectives three specific audiences management, users, and auditors.
  • 7. ISACA - CobiT provides detailed Audit Guidelines for auditors to follow in performing information systems audits Audit Guidelines provide a complementary tool to enable the easy application of the Framework and Control Objectives within audit activities objectives of auditing provide management with reasonable assurance that control objectives are being met where there are significant control weaknesses, to substantiate the resulting risks Advise management on corrective actions needed
  • 8. ISO:IEC 27001 2005 International Organisation for Standardization International Electrotechnical Commission Provided a model for Establishing Implementing Operating Monitoring Reviewing and Improving Information Security Management System
  • 9. ISO:IEC 27001 2005 PDCA model Plan  Establish ISMS Do  Implement and Operate Check  Monitor and Review Act  Maintain and improve
  • 10. ISO:IEC 27001 2005 Control Objectives Control The policies, procedures, practices and organisational structures designed to provide reasonable assurance that business objectives will be achieved and undesired events will be prevented or detected and corrected Control Objective A statement of the desired result or purpose to be achieved by implementing control practices in a particular IT activity
  • 11. ISO:IEC 27001 2005 Control The information security policy is being reviewed at planned intervals or if significant changes occur to ensure its continuing suitability, adequacy, and effectiveness. Review of the information security policy A.5.1.2 Control An information security policy document has been approved by management, and published and communicated to all employees and relevant external parties. The latest version of this document is available for all employees on the ABC Company’s internal network. Information security policy document A.5.1.1 A.5.1 Information security policy Objective: To provide management direction and support for information security in accordance with business requirements and relevant laws and regulations. A.5 Security policy
  • 12. ISO:IEC 27001 2005 Control Rules for the acceptable use of information and assets associated with information processing facilities are identified, documented, and implemented. Acceptable use of assets A.7.1.3 Control All information and assets associated with information processing facilities are ‘owned’ by a designated part of the organization. Ownership of assets A.7.1.2 Control All assets are clearly identified and an inventory of all-important assets drawn up and maintained. The Classification of Assets is as per the guidelines laid out in Procedure on Risk Assessment. Rules of classification take asset value and importance into account. A list of assets including the owner and relevant details is kept with the respective functional departments. Additional asset details are maintained by the Admin Department for the purposes of audit and keeping track of assets. Inventory of assets A.7.1.1 A.7.1 Responsibility for assets Objective: To achieve and maintain appropriate protection of organizational assets. A.7 Asset management
  • 14. Auditing Hardware Hardware asset listing (for your accounting/budgeting and equipment lifecycle planning). Analysis of Environmental conditions for equipment including heat and power protection. Network design analysis and network diagram (improves support response times with your IT provider). Report on appropriateness of hardware in all PC-based equipment (and how that impacts performance).
  • 15. Auditing Hardware Report on server hardware appropriateness, performance, levels of redundancy (and any associated risks). Analysis of Server configuration (and any areas not done properly and if/why they are important). Security Analysis on multiple levels. Backup systems hardware, software, data sets, disaster readiness and risks.
  • 16. ISO:IEC 27001 2005 Control Equipment are correctly maintained to ensure its continued availability and integrity. Equipment maintenance A.9.2.4 Control Power and telecommunications cabling carrying data or supporting information services are protected from interception or damage. Cabling security A.9.2.3 Control Security features, service levels, and management requirements of all network services are identified and included in any network services agreement, whether these services are provided in-house or outsourced. Security of network services A.10.6.2 Control Networks are adequately managed and controlled, in order to be protected from threats, and to maintain security for the systems and applications using the network, including information in transit. Network controls A.10.6.1 A.10.6 Network security management Objective: To ensure the protection of information in networks and the protection of the supporting infrastructure.
  • 17. Routing controls are implemented for networks to ensure that computer connections and information flows do not breach the access control policy of the business applications. Network routing control A.11.4.7 For shared networks, especially those extending across the organization’s boundaries, the capability of users to connect to the network shall be restricted, in line with the access control policy and requirements of the business applications Network connection control A.11.4.6 Groups of information services, users, and information systems are segregated on networks. Segregation in networks A.11.4.5 Physical and logical access to diagnostic and configuration ports shall be controlled. Remote diagnostic and configuration port protection A.11.4.4 Automatic equipment identification is considered as a means to authenticate connections from specific locations and equipment. Equipment identification in the network A.11.4.3 Appropriate authentication methods shall be used to control access by remote users. User authentication for external connections A.11.4.2 Users shall only be provided with access to the services that they have been specifically authorized to use. Policy on use of network services A.11.4.1 A.11.4 Network access control Objective: To prevent unauthorized access to networked services.
  • 18. Information Systems Network & Telecommunication Infrastructure
  • 21. Auditing Networks Review network policies and procedures Review network diagrams (layer 1 & 2), design, and walk-through, list of network equipment and IP address list Verify diagrams with Ping and Trace Route Review utilization, trouble reports & helpdesk procedures
  • 22. Auditing Networks Probe systems (Netscan tools and Portscanner) Interview network vendors, users, and network technicians Review software settings on network equipment Inspect computer room and network locations Evaluate back-up and operational procedures Identify the paths and equipment used to navigate the network Identify TCP/IP infrastructure areas of concern
  • 23. Auditing Networks Break into manageable pieces Every network is different and the components and risks must be fully understood Identify risks and prioritize Dedicate more upfront planning RELAX !! It’s not that bad !
  • 24. Routers Inappropriate addresses or dangerous protocols accessing hosts/servers Inappropriate addresses conducting router maintenance Unauthenticated or trusted services used for maintenance Damaged router/network device configuration
  • 25. Routers Failed upgrades or changes Not capturing network events Default passwords and clear text passwords transmitted over the network No console password
  • 26. Firewalls Network Address Translation Intrusion Detection Systems (IDS) Virtual Private Networks (VPN) Demilitarised Zone (DMZ) Proxy Server
  • 27. Firewalls Obtain Firewall Security policy Identify the services Identify logging procedure Identify configuration management process
  • 28. Firewall Review Authentication controls DMZ Procedure for Device administration Procedure to review the logs Risk Management procedure Physical access control to firewall
  • 30. Telecommunication Audit Assessment of an organization’s telecommunication environment. Telecom Audit defines the act of conducting a review, examination and reconciliation of Telecom Wireless Network customer service records Invoicing Contract agreements in order to ensure the accuracy of budgetary forecasting.
  • 31. Telecommunication Audit Communications equipment such as PBX's Voice mail systems IVRs Telephone lines Leased lines are assessed to determine if they meet current business requirements and if possible alternate solutions should be considered.
  • 32.  

Editor's Notes

  • #21: Interception- The data that are transmitted over the network pass through some medium. These data could be intercepted and subject to disclosure. Availability - As networks proliferate, more and more users are remote and access their applications over the network. If network connectivity fails there would be serious interruption to business and consequent damages. Access - Network provides the feasibility for access to the system from anywhere. A single weak point in the network can make all the information assets in the network vulnerable to intruders.