Security Audit Essay

Security auditing in any company involves establishing security levels in the company’s system. It comprises vulnerability scans, reviews of application and system controls, and analysis of physical access to the system. Auditing is carried out to ensure the integrity of a company’s data and the reliability of data exchange across a networked environment. In most cases, security auditing is done to ensure that security measures are in place to protect the company against loss of information to the outside world. This paper addresses all the issues involved in security auditing of Ariam travel agency’s network and its premises.

Security Audit
Ariam travel agency handles bulk information that includes sensitive customer and employee information; it has multiple external users and various e-commerce applications. Therefore, data security at this company is very important. Information that requires protection in this agency includes customer details, associated business procedures, company policies, employee information, network documentation, security policies, and sensitive business procedures, among others.
First, to close the loopholes caused by network vulnerabilities, we identify the people who have access to the company’s information. These include employees, customers, programmers and network coordinators. Then we determine the limits of access and the type of information each party can access. Another factor is when the data is accessible and from where it can be retrieved. At this stage, we need to identify the network configuration, the connection to the external network and the protection levels in place.
Since Ariam travel agency is a huge organization, the range of network tools used is broad. We will seek to incorporate security tools to enhance the security of data within the company and during transmission through the network. Therefore, we construct a topological representation of the critical security models that we intend to implement within the organization. Among the tools are firewalls, proxy servers, encryption facilities, logical security and access controls, antivirus software and auditing systems.

Infrastructural design

As displayed in the above network diagram, Ariam Travel Agency comprises six data centers, with the head data center located in Sydney. Since Sydney holds vital information, we shall equip it with an extra security firewall. The firewall at each data center is placed before a switch connection. At the main data center, we structure the topology differently from all the other data centers, for security reasons. The layout at this center is complex, and many security measures will be put in place to ensure integrity.

Data center personnel
Each data center has a number of staff who have access to data. However, we limit the amount and type of data that various personnel can access....
