Page 24 - Auditing Electronic Systems
B/1- Physical access controls:
provide security over tangible IT resources and include such things as locked
doors, surveillance cameras, security guards, and fire detection and
suppression equipment. They also include housing sensitive equipment,
applications, and data away from environmental hazards such as flood plains,
flight paths, or flammable liquid stores. In short, physical controls limit
both physical access to, and environmental damage to, computer equipment and
important documents.
B/1/1: Physical access. Only operators should be allowed unmonitored access to the
computer center.
B/1/2: Environmental controls. The computer center should be equipped with a
cooling and heating system to maintain a year-round constant level of
temperature and humidity, and a fire-suppression system.
B/2: Logical access controls:
provide security over software and information embedded in the system and
include such things as firewalls, encryption, login IDs, passwords,
authorization tables, and computer activity logs.
B/2/1: Logical Controls:
Controls that focus on authentication and authorization.
B/2/1/1: Authentication:
- The act of ensuring that the person attempting to access the system is in fact
who he says he is; in other words, the process of verifying who someone is.
- The most widespread means of achieving this is through the use of IDs and
passwords.
B/2/1/2: Authorization:
- The practice of ensuring that, once in the system, the user can only access
those programs and data elements necessary to his job duties.
- In many cases, users should be able to view the contents of some data fields
but not be able to change them.
- Authorization is the process of verifying what specific applications, files, and
data a user has access to.
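The following is an added worked example, not part of the textbook, showing how the two controls above fit together in a program: authentication by ID and password (stored as salted hashes), then authorization against an authorization table that grants rights per file and per data field, with every attempt written to a computer activity log. The user IDs, passwords, the "payroll" file, its fields, and the rights assigned are all constructed for illustration.

```python
# Added example (not from the textbook): a minimal authentication and
# authorization layer of the kind the text describes. All user IDs,
# passwords, files, fields and rights below are constructed.
import hashlib
import hmac
import os

# --- Authentication: is the user who he says he is? ----------------------
# Passwords are stored as salted PBKDF2 hashes, never in clear text.
def make_credential(password: str, salt: bytes = b"") -> tuple:
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    return salt, digest

# Constructed user table: login ID -> (salt, password hash)
USERS = {
    "operator1": make_credential("Op3rator!pass"),
    "clerk1": make_credential("cl3rk-pass"),
}

def authenticate(user_id: str, password: str) -> bool:
    """True only if the ID exists and the password matches its stored hash."""
    if user_id not in USERS:
        # Hash anyway so an unknown ID takes as long as a wrong password.
        make_credential(password, b"\x00" * 16)
        return False
    salt, stored = USERS[user_id]
    _, candidate = make_credential(password, salt)
    return hmac.compare_digest(stored, candidate)

# --- Authorization: which files and fields, and with what rights? --------
# Authorization table: user -> file -> field -> set of rights.
# The clerk may view the salary field but may not change it.
AUTH_TABLE = {
    "operator1": {"payroll": {"employee_id": {"read", "write"},
                              "salary": {"read", "write"}}},
    "clerk1": {"payroll": {"employee_id": {"read"},
                           "salary": {"read"}}},
}

# Computer activity log: one entry per login attempt and per access attempt.
ACTIVITY_LOG = []

def authorize(user_id: str, file: str, field: str, action: str) -> bool:
    rights = AUTH_TABLE.get(user_id, {}).get(file, {}).get(field, set())
    allowed = action in rights
    ACTIVITY_LOG.append(
        f"{user_id} {action} {file}.{field} {'ALLOW' if allowed else 'DENY'}")
    return allowed

# Constructed data file guarded by the authorization table.
FILES = {"payroll": {"employee_id": "E100", "salary": 4200}}

def access(user_id, password, file, field, action, value=None):
    """Authenticate first, authorize second. Returns (outcome, field value)."""
    if not authenticate(user_id, password):
        ACTIVITY_LOG.append(f"{user_id} LOGIN FAIL")
        return ("auth_failed", None)
    if not authorize(user_id, file, field, action):
        return ("denied", None)
    record = FILES[file]
    if action == "write":
        record[field] = value
    return ("ok", record[field])

if __name__ == "__main__":
    print(access("clerk1", "cl3rk-pass", "payroll", "salary", "read"))
    print(access("clerk1", "cl3rk-pass", "payroll", "salary", "write", 9999))
    print(access("operator1", "Op3rator!pass", "payroll", "salary", "write", 4300))
    print("\n".join(ACTIVITY_LOG))
```

Note the order: the clerk is authenticated successfully but the write to the salary field is still denied, and both the allowed read and the denied write appear in the activity log, which is what an auditor would later review.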
All rights reserved. Infringement of copyright by copying or printing exposes the perpetrator to legal liability.