

All rights reserved. Infringing the author's rights by copying or printing exposes the offender to legal liability.

System security depends mainly on operating systems, the network, and proper database management.

Auditor role: use audit procedures to verify the accurate structure of 1) the IT function, 2) operating systems, 3) the network, and 4) proper database management:

• Obtain and review the security policy
• Verify the policy is communicated
• Review relevant documentation (org. chart, mission statement, key job descriptions) to determine if individuals are performing incompatible tasks
• Review systems documentation and maintenance records (using a sample of applications)
• Verify that maintenance programmers are not also the original design programmers
• Observe segregation policies in practice
• Review the operations room access log to determine whether programmers enter the facility for reasons other than system failures
• Review user rights and privileges
• Review physical controls over computer centers
• Review the disaster recovery plan employed
• Test activation of authorization and authentication controls
   o All users are required to have passwords
   o Password instructions for new users
   o Passwords changed regularly
   o Password file: determine that weak passwords are identified and disallowed
   o Password file is encrypted and the encryption key is properly secured
   o Password standards
   o Account lockout policies: the auditor should determine how many failed logon attempts are allowed before the account is locked
• Test audit trail controls (verify existence of a transaction log; review a sample of transactions); review or verify…
   1. Audit trails have been activated in accordance with the organization's policy.
   2. Archived log files, to search for
      • unauthorized or terminated users
      • periods of inactivity
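The archived-log test in the audit trail item above can be scripted. The following is an added example, not part of the original notes: the log format, user names, access lists and the 4-hour threshold are constructed assumptions, and "periods of inactivity" is interpreted here as gaps between consecutive log entries.

```python
from datetime import datetime, timedelta

# Constructed sample data (assumption, not from the notes): an archived log
# in a hypothetical "timestamp user action" format, plus access/HR lists.
ARCHIVED_LOG = """\
2024-03-01T08:02:11 alice LOGIN
2024-03-01T08:15:40 bob POST_TXN
2024-03-01T09:01:05 carol LOGIN
2024-03-01T09:20:00 mallory POST_TXN
2024-03-01T17:45:30 alice POST_TXN
2024-03-02T08:05:00 bob LOGIN
"""
AUTHORIZED = {"alice", "bob", "carol"}          # carol was never removed
TERMINATED = {"carol": datetime(2024, 2, 15)}   # user -> termination date


def parse(log_text):
    """Yield (timestamp, user, action) for each three-field line."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip lines that do not match the assumed format
        yield datetime.fromisoformat(parts[0]), parts[1], parts[2]


def audit(log_text, authorized, terminated, max_gap=timedelta(hours=4)):
    """Return (user findings, inactivity gaps) for auditor follow-up."""
    findings, gaps, prev = [], [], None
    for ts, user, action in sorted(parse(log_text)):
        # Terminated takes precedence: the account may still be on the access list.
        if user in terminated and ts >= terminated[user]:
            findings.append((ts, user, action, "terminated user"))
        elif user not in authorized:
            findings.append((ts, user, action, "unauthorized user"))
        # A long silence may be normal (overnight) or a sign logging was off.
        if prev is not None and ts - prev > max_gap:
            gaps.append((prev, ts))
        prev = ts
    return findings, gaps


if __name__ == "__main__":
    user_findings, quiet_periods = audit(ARCHIVED_LOG, AUTHORIZED, TERMINATED)
    for ts, user, action, reason in user_findings:
        print(f"{ts.isoformat()} {user} {action}: {reason}")
    for start, end in quiet_periods:
        print(f"no entries between {start.isoformat()} and {end.isoformat()}")
```

Each gap is a lead for follow-up rather than a finding by itself; the auditor compares it against expected operating hours.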
                                