Firewall configuration
New User / User Modification Authorization Form
Sample Security Audit Report
Mandatory Clauses:
1. Context of the organisation
a. Understanding the organisation and its context
b. Understanding the needs and expectations of interested parties
c. Determining the scope of the information security management system
d. Information security management system
2. Leadership
a. Leadership and commitment
b. Policy
c. Organisational roles, responsibilities and authorities
3. Planning
a. Actions to address risk and opportunities
b. Information security objectives and planning to achieve them
4. Support
a. Resources
b. Competences
c. Awareness
d. Communication
e. Documented Information
5. Operation
a. Operational planning and control
b. Information Security risk assessment
c. Information security risk treatment
6. Performance evaluation
a. Monitoring, measurement, analysis and evaluation
b. Internal audit
c. Management review
7. Improvement
a. Nonconformity and corrective action
b. Continual Improvement
Domains covered in ISO27001:2013
1. Information security policy
2. Organisation of information security
3. Human resource security
4. Asset Management
5. Access Control
6. Cryptography
7. Physical and environmental security
8. Operations security
9. Communications security
10. System acquisition, development and maintenance
11. Supplier relationships
12. Information security incident management
13. Information security aspects of business continuity management
14. Compliance
Points of the current ISMS to focus on:
IT Audit Required Documents
3. Program development
a. Change management procedures and system development methodology
b. Authorization, development, implementation, testing, approval and documentation
c. Segregation of duties (SOD)
d. Configuration changes
e. Emergency changes
f. Data migration and version controls
g. Post change/Implementation testing and reviews
4. Computer operations: computer operations components to be considered
a. Batch job processing
b. Monitoring of jobs (success/failure)
c. Backup and recovery procedures
d. Incident handling and problem management
e. Changes to the batch schedules
f. Environmental controls
g. Disaster recovery and business continuity plan
h. Patch management
************************ Application control Testing *************************
The objective of control tests in an application is to validate the internal
controls that support accurate, complete, timely and authorized processing.
Checks to be performed at each point of testing:
1. Have the business transactions processed by the software been identified?
2. Has a transaction flow analysis been prepared for each transaction?
3. Have the controls for the transaction flow been documented?
4. Has input control testing been performed?
5. Has the level of risk for each control area been identified?
6. Have end users or customers been notified of the level of control risk?
The Locker Project is an open-source, JavaScript-based PDS with a centralised
underlying attribute store that resides on a person's own computer, together
with an API to support local applications.
***************************** SQL Injection **********************
SQLmap is able to detect and exploit five different SQL Injection Types:
1. Boolean Based Blind
2. Time Based Blind
3. Error Based
4. UNION query based
5. Stacked queries (also known as piggybacking)
https://gbhackers.com/sqlmap-detecting-exploiting-sql-injection/