This thesis was written by both authors in a personal capacity
IT control framework for the customs simplification Self ... - Vurore
Ensure systems security (DS5)

Control objective: Controls provide reasonable assurance that the systems and subsystems are appropriately secured to prevent unauthorized use, disclosure, modification, damage or loss of data.

| Illustrative controls | COBIT |
| --- | --- |
| An information security policy exists and has been approved by an appropriate level of executive management | PO6.3, PO6.5, DS5.2 |
| A framework of security standards has been developed that supports the objectives of the security policy | PO8.2, DS5.2 |
| An IT security plan exists that is aligned with overall IT strategic plans | DS5.2 |
| The IT security plan is updated to reflect changes in the IT environment as well as security requirements of specific systems | DS5.2 |
| Procedures exist and are followed to authenticate all users of the system (both internal and external) to support the existence of transactions | DS5.3 |
| Procedures exist and are followed to maintain the effectiveness of authentication and access mechanisms (e.g. regular password changes) | DS5.3, DS5.4 |
| Procedures exist and are followed relating to timely action for requesting, establishing, issuing, suspending and closing user accounts (include procedures for authenticating transactions originating outside the organization) | DS5.4 |
| A control process exists and is followed to periodically review and confirm access rights | DS5.4 |
| Where appropriate, controls exist so that neither party can deny transactions, and controls are implemented to provide non-repudiation of origin or receipt, proof of submission, and receipt of transaction | DS11.6 |
| Appropriate controls, including firewalls, intrusion detection and vulnerability assessments, exist and are used to prevent unauthorized access via public networks | DS5.10 |
| IT security administration monitors and logs security activity at the operating system, application, and database levels, and identified security violations are reported to senior management | DS5.5 |
| Controls relating to appropriate segregation of duties over requesting and granting access to systems and data exist and are followed | DS5.3, DS5.4 |
| Access to facilities is restricted to authorized personnel and requires appropriate identification and authentication | DS12.2, DS12.3 |

Table 20: Ensure systems security (DS5)