Page 54 - Auditing Electronic Systems
Among the most effective controls to address cybersecurity risks and mitigate
possible cyber-attacks are:
▪ Use of Data Encryption: Encryption technology converts data into a code.
Unauthorized users may still be able to access the data, but without the encryption
key, they cannot decode it.
▪ Firewalls and antiviruses: A firewall is a combination of hardware and software
that separates an internal network from an external network, such as the Internet,
and prevents passage of specific types of traffic.
▪ Segregation of Duties: an internal control designed to prevent error and fraud
by ensuring that at least two individuals are responsible for the separate parts of
any task.
a. The segregation of accounting duties can enhance systems security.
Segregation of duties involves the separation of the functions of authorization,
recordkeeping, and asset custody so as to minimize the opportunities for a
person to be able to perpetrate and conceal errors or fraud in the normal course
of his or her duties.
b. Thus, computer operators, programmers, analysts, and librarians should not
have overlapping responsibilities.
▪ Password optimization: Passwords should be difficult to guess. A dialog can be
designed to query the user for common names in his or her life (children, pets,
sports teams) so that these words can be stored and never permitted by the
system to be used as that person's password. The system should force passwords
to be changed periodically, e.g., every 90 days. Ideally, passwords are at least
eight characters long and contain both uppercase and lowercase letters and
numerals.
o Password fatigue results when users must log on to several systems in the
course of a day. Users are likely to write down their IDs and passwords in
such cases, defeating the purpose of automated authentication.
o Ex: Single sign-on can be the solution in well-managed systems
environments. A single ID and password combination is required to allow a
user access to all IT resources (s)he needs. A high level of maintenance and
security consciousness is required to make single sign-on successful.
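As an added example that is not part of the course notes, the password rules above (eight-character minimum, mixed case plus numerals, a per-user list of personal names that can never be used, and a forced change every 90 days) written as a Python policy check; the class and function names and the sample user are this example's own assumptions.

```python
# Added example (not from the course notes): a password-policy check that
# applies the rules the notes describe: at least eight characters, upper- and
# lowercase letters plus numerals, a per-user blocklist of personal names
# (children, pets, sports teams) that may never appear in the password, and a
# forced change every 90 days. Names and sample data are this example's choices.
from dataclasses import dataclass, field
from datetime import date, timedelta
from typing import List, Optional

MIN_LENGTH = 8
MAX_AGE_DAYS = 90


@dataclass
class UserProfile:
    user_id: str
    # Personal names gathered by the enrolment dialog (constructed sample data).
    personal_names: List[str] = field(default_factory=list)
    # ISO date of the last password change; None means never set.
    password_set_on: Optional[str] = None


def policy_violations(candidate: str, user: UserProfile) -> List[str]:
    """Return the rules the candidate password breaks (empty list = acceptable)."""
    problems = []
    if len(candidate) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if not any(c.isupper() for c in candidate):
        problems.append("no uppercase letter")
    if not any(c.islower() for c in candidate):
        problems.append("no lowercase letter")
    if not any(c.isdigit() for c in candidate):
        problems.append("no numeral")
    lowered = candidate.lower()
    for name in user.personal_names:
        # Case-insensitive substring match: "Rex2024!" is rejected for a pet named Rex.
        if name.lower() in lowered:
            problems.append(f"contains personal name '{name}'")
    return problems


def password_expired(user: UserProfile, today_iso: str) -> bool:
    """True when the password is older than MAX_AGE_DAYS and must be changed."""
    if user.password_set_on is None:
        return True  # never set: force a change at first logon
    age = date.fromisoformat(today_iso) - date.fromisoformat(user.password_set_on)
    return age > timedelta(days=MAX_AGE_DAYS)


if __name__ == "__main__":
    user = UserProfile("jdoe", ["Rex", "Sara", "Lakers"], "2024-01-01")
    print(policy_violations("Rex2024!", user))        # ["contains personal name 'Rex'"]
    print(policy_violations("Tr4vel-Ledger", user))   # []
    print(password_expired(user, "2024-04-15"))       # True
```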
▪ Routine Backup and Offsite Rotation:
A typical backup routine involves duplicating all data files and application programs
at least once a month. (Application files must be backed up as well as data since
All rights reserved. Infringement of copyright by copying or printing exposes the perpetrator to legal liability.