What are the control techniques ensured by an IS auditor for the security of the client/server environment?

A Management Information System ICT Revision Questions and Answers

To increase the security, an IS auditor should ensure that the following control techniques are in place:

a) Access to data and application is secured by disabling the floppy disk drive.
b) Diskless workstation prevents unauthorized access.
c) Unauthorized users may be prevented from overriding login scripts and access by securing automatic boot or start-up batch files.
d) Network monitoring can be done to know about the client so that it will be helpful for later investigation, if it is monitored properly.
e) Data encryption techniques are used to protect data from unauthorized access.
f) Authentication system can be provided to a client, so that they can enter into system, only by entering login name and password.
g) Smart cards can be used. It uses intelligent handheld devices and encryption techniques to decipher random codes provided by client-server based operating systems.
h) Application controls may be used and users will be limited to access only those functions in the system those are required to perform their duties.



Leave a Reply

Your email address will not be published. Required fields are marked *