...Chapter 12 – Network Management Lab In this Lab you will use the Event Viewer application to explore the event log on a computer running the Windows operating system. You can find the Event Viewer as follows: Click Start, click Control Panel, and then click System and Security; under Administrative Tools click the Event Viewer. For this exercise, you need a computer running Windows. Ideally, it should be a computer that has been used for a while, so that the event log contains several entries. It need not be connected to a network. However, you must be logged on to the computer as a user with administrator-equivalent privileges. 1. Click Start, then click Control Panel. The Control Panel window appears. 2. In the Control Panel window, click System and Security. The System and Security window appears. 3. If the entire list of options doesn’t appear, scroll to the bottom of the window and click View event logs under the Administrative Tools heading. 4. A User Account Control window appears, requesting your permission to continue. Click Continue. 1. The Event Viewer window appears, with three columns of panes. The center pane lists a summary of administrative events. Notice that events are classified into the following types: Critical, Error, Warning, Information, Audit Success, and Audit Failure. The number of events that have been logged in each category are listed to the right of the classification entry. How...
Words: 1193 - Pages: 5
...Assessing Information Technology General Control Risk: An Instructional Case Carolyn Strand Norman, Mark D. Payne, and Valaria P. Vendrzyk ABSTRACT: Information Technology General Controls (ITGCs), a fundamental category of internal controls, provide an overall foundation for reliance on any information produced by a system. Since the relation between ITGCs and the information produced by an organization’s various application programs is indirect, understanding how ITGCs interact and affect an auditor’s risk assessment is often challenging for students. This case helps students assess overall ITGC risk within an organization’s information systems. Students identify specific strengths and weaknesses within five ITGC areas, provide a risk assessment for each area, and then evaluate an organization’s overall level of ITGC risk within the context of an integrated audit. Keywords: internal controls; general control; ITGC; risk assessment. INTRODUCTION he Sarbanes-Oxley Act (SOX 2002) and the Public Company Accounting Oversight Board (PCAOB) Auditing Standard No. 5 (PCAOB 2007) require that the organization’s chief executive officer (CEO) and chief financial officer (CFO) include an assessment of the operating effectiveness of their internal control structure over financial reporting when issuing the annual report. External auditors must review management’s internal control assessment as part of an annual integrated audit of an organization’s internal controls over financial reporting. In short...
Words: 6299 - Pages: 26
...History of HRI Express HRI Express and Restaurant Supplies was established in September 2001. The objective was to sell restaurant supplies, however due to various reasons, owner Sue Hufford decided to shift focus. In October of 2001 the small business kept its name and ventured into the planting of lettuce and herbs which has been in operations since then. HRI produces lettuces, fresh parsley, mint, cilantro, and sweet basil. Table 1.1 below details the prices of it produce. Table 1.1: Prices of HRI Express Produce Produce Price Big Lettuce 5 0z to 80z $5 per bag Mesclun Mix 6oz $5 per bag Romaine Lettuce 8 oz $5 per bag Fresh Parsley $7 per bag Mint $7 per bag Cilantro $5.50 per lb Sweet Basil $5.50 per lb HRI Express produce are purchased by hotels, resorts and embassy diplomats. Its delivery schedule for the week entails deliveries to Belize City on Wednesdays and to Belmopan on Thursdays. The business is comprised of six (8) persons, namely: • Owner - Sue Hufford as the owner is responsible for the more technical operations of the HRI Express. • Marva is responsible in the book aspect of HRI Express. • Six (6) persons who work on the plantation and oversees the production process. Sales and Collection Procedures An overview of HRI Express’s Sales and Collection Cycle is illustrated in Figure 1.1. The cycle begins with the receipt of customer orders via telephone, email or on site. A copy of the customer order is routed to plantation workers who...
Words: 1239 - Pages: 5
...IT AUDIT REPORT FOR Contents Contents 2 Contents 2 1. Introduction 4 1.1 Purpose 4 1.2 Scope 4 2. Background Information 4 3. Assets Identification 5 4. Threat Assesment 5 5. LAWS, REGULATIONS AND POLICY . 5 5.1 Hospital Policy. 5 5.2 Vulnerabilities. 5 6. PERSONNEL 5 6.2 Management. 6 6.3 Operations. 6 6.4 Development 6 6.5 Vulnerabilities. 7 7. Systems and Applications. 7 7.1 Vulnerabilities. 7 8. Information Processing Facilities (Data Centers) 7 8.1 Vulnerabilities 7 9. Systems Development 8 9.1 Vulnerabilities 8 10. Management of IT and Enterprise Architecture 8 11. Client, Server, Telecommunications, Intranets and Extranets 8 11.1 Building Vulnerabilities 8 11.1 Security Perimeter 8 11.1 Server Area 8 12. Summary 8 12.1 Action Plan 8 1. Introduction • At present the Hospital has 250 beds including 40 adult ICU and 8 Pediatric ICU beds. • The Hospital is well equipped with latest technology like 1.5 Tesla MRI, 6 Slice Spiral CT Scan, Digital X-ray, Mammography, Intense Pulse Light (Cosmetic) and Diabetic Foot Care Equipment’s in the year 2007-08, the hospital provided services to 46000 patients. So far the hospital has repaired approximately 2400 cleft lip and cleft palate...
Words: 2618 - Pages: 11
...Case Study Country Case Study 8 February 2008 Systems for Verification of Legality in the Forest Sector, Malaysia: Domestic Timber Production and Timber Imports Adrian Wells (a.wells@odi.org.uk), Thang Hooi Chiew and Chen Hin Keong Contents 1. 2. Executive summary . . . . . . . pg. 3 . . . . . . . pg. 6 3. Law and policy governing forest management . . . . 3.1 Forests under the Federal Constitution . . . . 3.2 Forest management by the States . . . . . 3.3 Key jurisdictional differences between the Peninsula, Sabah and Sarawak . . . . pg. 7 pg. 7 pg. 8 pg. 9 4. Law and policy on wood-based industries and the timber trade . . . pg. 19 5. Responses to illegality in the forest sector . 5.1 Control of domestic timber production . 5.2 Control of timber imports . . . . . . . . . . . pg. 21 pg. 21 pg. 27 6. 7. Institutional structures for legal verification of domestic timber production and imports 6.1 Overview . . . . . . . 6.2 Peninsular Malaysia . . . . . . 6.3 Sabah . . . . . . . . 6.4 Sarawak . . . . . . . . 6.5 Timber imports . . . . . . . . . . . . . pg. 30 pg. 30 pg. 30 pg. 42 pg. 55 pg. 67 The...
Words: 28537 - Pages: 115
...2015 U8_A1 Video Summary 6 – Windows Operating System features The features of the Windows operating system will start with the Control Panel. This is where any changes to the system and configurations are allowed. There’s also the Security Center, where you can monitor the status of the security features including firewall setting and internet security settings. The performance maintenance can also be found under the Control Panel Administrative Tools. Under this tab, you can view Services, Local Security Policy, and Event Viewer. With the Local Security Policy, the user is allowed to change the password policy, account lockout policy, and audit policy. Under the Password Policy, the user will be able to change the password settings such as length, upper or lower case letters, and password history. The account lockout policy is where the minutes of lockout, the number of failed logon attempts, and lockout account counter. Also under the Local Security Policy, the user can look at the Directory service access, privilege use, policy change, and system events. Also under the Local Security Policy, The Security setting marks every event as success, failure, and no auditing. This will generate an event when it succeeds, fails, or no event is generated. This is also the area where the user can determine who can access the computer, which gives more control to the user. The event viewer logs the events that have occurred on the system. The sources of each log come from either the...
Words: 558 - Pages: 3
...Commission (COSO) “is dedicated to guiding executive management and governance entities toward the establishment of effective, efficient, and ethical business operations on a global basis. It sponsors and disseminates frameworks and guidance based on in-depth research, analysis, and best practices” (COSO, 2006). COSO is a private-sector program funded and sponsored by five professional organizations. The Committee conducted an 11-year research study to analyze instances of fraudulent financial reporting and determine contributing factors that lead to financial statement fraud (COSO, 2006). COSO’s research demonstrated that most fraudulent behavior involved the chief executive officer (CEO) and chief financial officer (CFO). In 83% of the cases, that COSO evaluated, either the CEO, CFO, or both implicated with fraudulent financial statements. In addition, managers, chief operating officers (COO), other significant executives, and members of the board were involved in unlawful acts as well. “The new Enterprise Risk Management (ERM) COSO framework...
Words: 1730 - Pages: 7
...------------------------------------------------- Rhombus, Inc. Company Security Policy Rev 1.1.15.12.4 Dec 2015 Editors: Rhombus, Inc. Policy Team 1 Rhombus, Inc. 14 1.1 About This Document 14 1.2 Company History 14 1.3 Company Structure and IT Assets 14 1.4 Industry Standards 15 1.5 Common Industry Threats 15 1.6 Policy Enforcement 16 2 Credit Card Security Policy 17 2.1 Introduction 17 2.2 Scope of Compliance 17 2.3 Requirement 1: Build and Maintain a Secure Network 17 2.4 Requirement 2: Do not use Vendor-Supplied Defaults for System Passwords and Other Security Parameters 18 2.5 Requirement 3: Protect Stored Cardholder Data 19 2.6 Requirement 4: Encrypt Transmission of Cardholder Data across Open and/or Public Networks 20 2.7 Requirement 5: use and Regularly Update Anti-Virus Software or Programs 20 2.8 Requirement 6: Develop and Maintain Secure Systems and Applications 21 2.9 Requirement 7: Restrict Access to Cardholder Data by Business Need to Know 21 2.10 Requirement 8: Assign a Unique ID to Each Person with Computer Access 22 2.11 Requirement 9: Restrict Physical Access to Cardholder Data 22 2.12 Requirement 10: Regularly Monitor and Test Networks 23 2.13 Requirement 11: Regularly Test Security Systems and Processes 25 2.14 Requirement 12: Maintain a Policy that Addresses Information Security for Employees and Contractors 26 2.15 Revision History 29 3 Acceptable Use Policy...
Words: 26545 - Pages: 107
...SELECT APPLICATION CONTROLS REVIEW OF THE FEDERAL BUREAU OF PRISONS’S SENTRY DATABASE SYSTEM U.S. Department of Justice Office of the Inspector General Audit Division Audit Report 03-25 July 2003 SELECT APPLICATION CONTROLS REVIEW OF THE FEDERAL BUREAU OF PRISONS’S SENTRY DATABASE SYSTEM EXECUTIVE SUMMARY SENTRY is the Federal Bureau of Prisons’s (BOP) primary mission support database. The system collects, maintains, and tracks critical inmate information, including inmate location, medical history, behavior history, and release data. SENTRY processes over 1 million transactions each day and tracks more than 165,000 inmates. Roughly 85 percent of these inmates are housed within the BOP facilities, with the remaining inmates confined in other government facilities (state or local) or privately operated facilities through contracts with the BOP. As of March 2003, over 24,000 personal computers at approximately 200 facilities could access SENTRY. The purpose of this audit was to assess the application controls for the BOP’s SENTRY database to determine whether inmate data entered in SENTRY is valid, properly authorized, and completely and accurately processed.1 Our criteria for conducting the review was the Federal Information System Controls Audit Manual (FISCAM).2 We reviewed the accuracy and timeliness of SENTRY’s input, processing, and output controls and judgmentally selected 3 of the BOP’s 29 Community Corrections Offices (CCO) to conduct onsite reviews of their operational...
Words: 14625 - Pages: 59
...security for the current networks and services in production. Implement Policies and procedures An Acceptable Use Policy is a policy that defines what type of actions are allowed to be performed on the systems and network to which the policy applies. For the school, an Acceptable Use Policy may state that users of the computers and network must be performing functions related to the school such as homework, administration, research, etc. In addition to defining what is allowed, the Acceptable Use Policy should also specify what actions will be taken when a user or individual violates the policy. The acceptable use policy should be made accessible to every user. One method to do this would be to display the policy when a user logs in or direct them to where they can read the document. (Glenn, 2003.) Develop Incident Response Procedures The incident response procedures should identify the following: ← Define who the respondents are and what each individual's responsibility is ← Specify what data is to be collected and what actions are expected ◦ This would include gathering information on the attacker and a clearly defined resolution path for the team to return systems to a pre-attack state ← Details to when the team should respond ◦ Different systems should be given different priorities depending on their importance. ← How should the team escalate issues when a critical decision is needed to be made? ◦ One...
Words: 699 - Pages: 3
...IT Audit Seminar organized by National Audit Office, China 1 to 4 September 2004 Paper on “Formulation of IT Auditing Standards” By -- Ms.Puja S Mandol and Ms. Monika Verma Supreme Audit Institution of India Introduction The use of computers and computer based information systems have pervaded deep and wide in every modern day organization. An organization must exercise control over these computer based information systems because the cost of errors and irregularities that may arise in these systems can be high and can even challenge the very existence of the organization. An organizations ability to survive can be severely undermined through corruption or destruction of its database; decision making errors caused by poor-quality information systems; losses incurred through computer abuses; loss of computer assets and their control on how the computers are used within the organization. Therefore managements across the world have deployed specialized auditors to audit their information systems to find out gaps between declared policies and actual use and shortcomings in the information system design and usage. Information Systems Audit is the process of collecting and evaluating evidence to determine whether a computer system has been designed to maintain data integrity, safeguard assets, allows organizational goals to be achieved effectively and uses the resources efficiently. The IS Auditor should see that not only adequate internal controls exist...
Words: 6839 - Pages: 28
...[pic] This template has been developed to complement the Queensland Government Information Standards. The information contained in this document may be used as additional reference material by Queensland Government agencies when managing software. Agencies should consider the information provided as reference material and interpret it in the context of their own agency methodologies. ISO/IEC 19770-1 Audit Checklist This checklist has been developed to be used in conjunction with ISO/IEC19770-1 Information technology – Software asset management – Part1: Processes (the ISO Standard), and should not be used in isolation from this Standard. The checklist has been developed to assist agencies to perform self-audits to monitor their progress towards best practice in software license management. The checklist outlines elements that should be met in order to be fully compliant with the ISO Standard. It may be used by Agencies to guide where improvements can be made in managing software licensing. Each element may be audited separately to check on progress towards maturity in specifically targeted areas, however, compliance with all element will ensure that the agency is aligned with industry best practice in software license management. The ‘Evidence’ section of the checklist outlines possible evidence that auditors may consider when evaluating level of compliance. This list can be modified to reflect individual agency requirements and is not intended as an exhaustive list...
Words: 3033 - Pages: 13
...Auditing and Assurance Services Table of Contents Meet the Audit Team 3 Partner Summary 5 Introduction 6 Part 1.1 a) Advanced Analytics in Professional Standards 6 Part 1.1 b) Academic Research on Advanced Analytical 6 Part 1.3 Simple Trend-line Regression 7 Part 2.1 Specific Risk of Material Misstatement 11 Part 2.2 An Appropriate Audit Program 12 Appendix 15 References 16 List of Key Audlish terms 17 Partner Summary In order to better understand the audit reports, we have documented academic research and existing audit standards relevant to planning stage APRs. This background information will provide a summary of professional standards and guidance directly related to APRs. First and foremost, every auditor must follow the standards called the Generally Accepted Auditing Standards (GAAS) which are set by the Public Company Accounting Oversight Board (PCAOB). Important sections within the standards required to know include: Independence, Consideration of Fraud in a Financial Statement Audit, and Communications about Control Deficiencies in Financial Statements, which includes nine rules that deal with identifying and reporting deficiencies found in financial statements. In the second part of our report, we prepared basic ARP’s and identified some key red flags for the Chevron Company. To access client viability, we used vertical and horizontal analysis, where we found...
Words: 3931 - Pages: 16
...element of work that is a logical and necessary step in performing a job duty. * A duty consist of one or more tasks that constitute a significant activity performed in a job. * A responsibility is one or several duties that identify and describe the major purpose or reason for the job’s existence. Job Description: A job description is a summary statement of the information collected in the job analysis process. It is a written document that identifies, defines and describes a job in term of its duties, responsibilities, working conditions and specifications. Example: Job Description of an Assistant Officer are shown in bellow: * Checking all payments of the Organization * Assist in monthly Internal Audit on various Department * Preparation of report on regular work. * Assist in auditing on VAT & Tax Computation * Assist in auditing Bank reconciliation statements * Perform any other task given by the management relating to Audit / Investigation on time to time. Key Learning Point: * Concept of job description. Specific Job Description: A specific job description is a detailed summary of a job’s task, duties and responsibilities. This type of job description is associated with work flow strategies that emphasize, efficiency, control and detailed work planning. It fits best with a bureaucratic organizational structure with well detailed work defined boundaries that separate functions and the different levels of management. General...
Words: 4262 - Pages: 18
...PROCEDURES 9 5.1 USER IDENTIFICATION AND AUTHENTICATION 9 5.2 DEVICE IDENTIFICATION AND AUTHENTICATION 10 5.3 IDENTIFIER MANAGEMENT 10 5.4 AUTHENTICATOR MANAGEMENT 10 5.5 ACCESS CONTROL POLICY AND PROCEDURES 11 5.7 ACCESS ENFORCEMENT 12 5.8 INFORMATION FLOW ENFORCEMENT 13 5.9 SEPARATION OF DUTIES 13 5.10 LEAST PRIVILEGE 14 5.11 UNSUCCESSFUL LOGIN ATTEMPTS 14 5.12 SYSTEM USE NOTIFICATION 14 5.13 SESSION LOCK 15 5.15 SUPERVISION AND REVIEW — ACCESS CONTROL 16 5.16 REMOTE ACCESS 16 5.17 USE OF EXTERNAL INFORMATION SYSTEMS 17 6. SECURITY AWARENESS AND TRAINING POLICY AND PROCEDURES 18 6.1 SECURITY TRAINING 19 7. AUDIT AND ACCOUNTABILITY POLICY AND PROCEDURES 19 7.1 AUDITABLE EVENTS 19 7.2 CONTENT OF AUDIT RECORDS 20 7.3 AUDIT STORAGE CAPACITY 20 7.4 AUDIT MONITORING, ANALYSIS, AND REPORTING 20 7.5 TIME STAMPS 21...
Words: 19387 - Pages: 78
