Deze scriptie is geschreven door beide op persoonlijke titel

More documents

Recommendations

Info

Ensure systems security (DS5)Control objective: control provide reasonable assurance that the systems and subsystems areappropriately secures to prevent unauthorized use, disclosure, modification, damage or loss ofdataIllustrative controlsCobitAn information security policy exist and has been approved by PO6.3, PO6.5, DS5.2an appropriate level of executive managementA framework of security standards has been developed that PO8.2, DS5.2supports the objectives of the security policyAn IT security plan exist that aligned with overall IT strategic DS5.2plansAn II security plan is updates to reflect changes in the IT environmentas well as security requirements of specific systemsDS5.2Procedures exist and are followed to authenticate all users of DS5.3the system (both internal and external) to support the existenceof transactionsProcedures exist and are followed to maintain the effectiveness DS5.3, DS5.4of authentication and access mechanisms (e.g. regular passwordschanges)Procedures exist and are followed relating to timely action for DS5.4requesting, establishing, issuing, suspending and closing useraccounts (include procedures for authenticating transactionsoriginating outside the organization)A control process exist and is followed to periodically review DS5.4and conform access rightsWhere appropriate, controls exist so that neither party van deny DS11.6transactions, and controls are implemented to provide nonrepudiationof origin or receipt, proof of submission, and receiptof transactionAppropriate controls, including firewalls, intrusion detection DS5.10and vulnerability assessments, exist and are used to prevent unauthorizedaccess via public networksIT security administration monitors and logs security activity at DS5.5the operating system, application, and database levels and identifiedsecurity violations are reported to senior managementControls relating to appropriate segregation of duties over requestingand granting access to systems and data exist and areDS5.3, DS5.4followedAccess to facilities is restricted to authorized personnel and requiresappropriate identification andDS12.2, DS12.3authenticationTabel 20:Ensure systems security (DS5)49
Manage the configuration (DS9)Control objective: control provide reasonable assurance that IT components, as they relate tosecurity and processing, are well protected, would prevent any unauthorized changes, and assistin the verification and recording of the current configurationIllustrative controlsCobitOnly authorized software is permitted for use by employees DS9.2using company IT assetsSystem infrastructure, including firewalls, routers, switches, DS5.3, DS5.4, DS5.10network operating systems, servers and other related devices, isproperly configured to prevent unauthorized accessApplication software and data storage systems are properly DS5.4configured to provision access based on the individuals demonstratedneed to view, add, change or delete dataIT management has established procedures across the organizationto protect information systems and technology from com-DS5.9puter virusesPeriodic testing and assessments is performed to conform that AI3.2, AI3.3the software and network infrastructure is appropriate configuredTabel 21:Manage the configuration (DS9)Manage problems and incident (DS10)Control objective: control provide reasonable assurance that any problems and/or incidents areproperly responded to, recorded, resolve or investigated for proper resolutionIllustrative controlsCobitIT management has defines and implemented an incident and DS8problem management system such that data integrity and accesscontrol incidents are recorded, analyzed, resolved in a timelymanner and reported to managementThe problem management system provides for adequate audit DS10.2trail facilities, which allow tracing from the problem or incidentto underlying causeA security incident response process exist to support timelyresponse and investigation of unauthorized activitiesTabel 22:Manage problems and incidents (DS10)DS5.6, DS8.3, DS10.1,DS10.350
Page 3 and 4: IT-Control framework voor de douane
Page 5 and 6: SamenvattingOns onderzoek presentee
Page 7 and 8: Hoofdstuk 6 Conclusies ............
Page 9 and 10: Overzicht van tabellenTABEL 1: TYPE
Page 11 and 12: noemd vanuit de invalshoeken intern
Page 13 and 14: Bij de belangrijkste faciliteit van
Page 15 and 16: §1.4 Aanpak onderzoek en leeswijze
Page 17 and 18: In paragraaf 2.2 wordt ingegaan op
Page 19 and 20: Voor de Nederlandse Douane is invoe
Page 21 and 22: - intern douanevervoer: van intern
Page 23 and 24: 2.1.3 Douane-entrepotOpslag is net
Page 25 and 26: de goederen hebben plaatsgevonden.
Page 27 and 28: Figuur 8: Globale weergave van de g
Page 29: Het MCC en het MCCIP 25 komen met h
Page 33 and 34: De Belastingdienst heeft gekozen vo
Page 35 and 36: en waarom de onderneming vindt dat
Page 37 and 38: - welke informatie voor de interne
Page 39 and 40: - de communicatieverbindingen tusse
Page 41 and 42: van tabel 3 of 4 en indien sprake i
Page 43 and 44: Hoofdstuk 4IT control frameworkIn d
Page 45 and 46: §4.2 Vergelijking met IT-control f
Page 47 and 48: §4.3 IT-control frameworkOp basis
Page 49 and 50: Enable operations (PO6, PO8, AI6, D
Page 51: Manage third-party services (DS2)Co
Page 55 and 56: Manage operations (DS13)Control obj
Page 57 and 58: dat de deelnemers voldoende experti
Page 59 and 60: eoordeling uitgesloten. PO8 ziet me
Page 61 and 62: meer betrekking hebben op applicati
Page 63 and 64: Gevoelig lag ook, aan het einde van
Page 65 and 66: Bijlage 1 LiteratuurlijstBelastingd
Page 67 and 68: Bijlage 2 Geraadpleegde websiteshtt
Page 69 and 70: Bijlage 4 DefinitiesBEGRIPApplicati
Page 71 and 72: General IT-controlsIT-control frame
Page 73 and 74: Bijlage 6 CobitCobit is de acroniem
Page 75 and 76: van specifieke maatregelen binnen d
Page 77 and 78: 3. Event identification: identifica
Page 79 and 80: Bijlage 8 Totstandkoming frameworkO
Page 81 and 82: Bijlage 9 Deelnemers brainstormsess
Page 83: Bijlage 11 Vragenlijst externWe wil

Deze scriptie is geschreven door beide op persoonlijke titel

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?