IT Examiner School

HARDWARE/SOFTWARE

Threats and Vulnerabilities

Inherent Risk

Controls (How is it protected?) Information is saved on back up disks daily. User name and password requirement for system entry prevents unauthorized users from accessing the system. Use passwords expire every 60 days. Users are set up to access only necessary applications to perform jobs. User Virus protection is installed in the software. This protection is checked hourly and updated when needed, at least once per day. Laptops are locked up at night. security report reviewed daily. screen protectors and screen savers that activate within 5 minutes. Every computer has the option of self-locking when needed. Computers are equipped with

Effectiveness of Control ALL EFFECTIVE UNLESS OTHERWISE NOTED

Computer/Network System

Disaster occurs

LOW

Access to other computer.

LOW

Data being lost on system.

LOW

Virus, worm or unauthorized person tries to enter network. Firewall installed in the bank’s software/network being damaged Laptops that are kept at the bank during the day or night. Computer/desktops being damaged or accessed by an unauthorized person. Disks or CDs that are no longer in use. Information that is left on computer screens during the day. Collecting information on internet. Spies threaten infrastructure/networking equipment. Outsiders being able to plug in with their own network devices into the system via plug ins in offices and the Network switches on the tower by the vault.

LOW

LOW

MED

LOW

LOW

MED

LOW

HIGH

HIGH

All disks/CDs are