1. OPERATING SYSTEM CONTROLS :-
   1.1 Definition of OS
   1.2 Tasks of OS
   1.3 Objectives of OS :-
       1.3.1 Protects OS from
       1.3.2 Protects Users from
       1.3.3 Protects Modules of OS from
   1.4 Threats to OS :-
       1.4.1 Accidental
       1.4.2 Intentional
   1.5 Security requirement for OS :-
       1.5.1 Access control :-
             A) Components :-
                i) Log-in ID
                ii) Access token
                iii) Access control list
                iv) Discretionary access
             B) Using passwords :-
                i) Definition
                ii) Types
       1.5.2 Protection from Destructive Programs
       1.5.3 Audit trail :-
             A) Definition
             B) Objectives
             C) Implementation
2. DATA MANAGEMENT CONTROLS :-
   2.1 Access Control
       2.1.1 Types of systems
       2.1.2 Controls
   2.2 Back-up control
       2.2.1 File based environment
       2.2.2 Database environment
3. ORGANISATION STRUCTURE CONTROLS :-
   3.1 Development Operation
   3.2 Development Maintenance
   3.3 Data Library Operation
   3.4 DBA Functions
   3.5 Alternate structuring for Development
4. SYSTEM DEVELOPMENT CONTROLS :-
   Group 1
   4.1 Management Authorisation
   4.2 User Specification
   4.3 Auditor Participation
   Group 2
   4.4 Technical Design
   4.5 Testing
   4.6 User Acceptance
5. SYSTEM MAINTENANCE CONTROLS :-
   Group 1
   5.1 Authorisation
   5.2 Technical Specification
   5.3 Testing
   5.4 Documentation
   5.5 Access to Maintenance Commands
   Group 2
   5.6 SPL control :-
       5.6.1 Definition
       5.6.2 Uncontrolled environment
       5.6.3 Controlled environment
       5.6.4 Benefits
   5.7 Audit Trail
   Group 3
   5.8 Version Numbering
   5.9 Message Sequence Numbering
6. COMPUTER CENTRE SECURITY CONTROLS :-
   6.1 Risks
   6.2 Measures :-
       6.2.1 DRP :-
             A) Definition
             B) Components
             C) Recovery and Reconstruction
             D) DRP efficiency marking
       6.2.2 Insurance
7. INTERNET INTRANET CONTROLS :-
   7.1 Failure of :-
       7.1.1 Component
       7.1.2 Equipment
   7.2 Subversive (Rebellious) threats to data being transmitted :-
       7.2.1 Types of gaining access
       7.2.2 Types of threats
       7.2.3 Controls :-
             A) Software Data based :-
                i) Encryption :-
                   a) Definition
                   b) Process
                   c) Types (with Definition, Process Drawbacks) :-
                      - Private Key encryption
                      - Public key encryption
                ii) Firewall :-
                   a) Definition
                   b) Characteristics
                   c) Types (with Functions Drawbacks) :-
                      - Network Level
                      - Application Level
             B) Communication Link based :-
                i) Message Transaction Log
                ii) Call Back Devices
                iii) Controlling “Denial of Service Attack” (with Process Definition)
8. PC CONTROLS :-
   8.1 Characteristics of PC
   8.2 Risks
   8.3 Solution :-
       8.3.1 Access control :-
             A) Disk locks :-
                i) Purpose
                ii) Types :-
                   a) Physical
                   b) Soft lock
             B) System locks
       8.3.2 Password Control
       8.3.3 Backup :-
             A) Definition
             B) Types