Wednesday, August 31, 2011

4A OR nA

A typical control framework covers four areas:

* Authentication and authorization: every user must be identified before being granted access, and no individual should hold more rights than needed to perform his or her assigned tasks (least privilege). The organization should also keep a complete record of who accessed what and what they did.

* Configuration and change management: no change should be made without authorization. A record of every change should be kept so that the state of a system or application at any earlier point in time can be reconstructed.

* Segregation of duties: a single person should not be able both to configure IT systems and to audit them, nor to both initiate and approve the same activity in those systems; incompatible duties must be split across different people.

* Documentation: all parties must be held accountable. Compliance should be documented and tested on an ongoing basis, and the audit trail should support testing of the internal IT control framework as well as substantiating regulatory compliance.
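The authorization and segregation-of-duties items above are usually enforced by checking exported role assignments against a conflict matrix and against the access log. The script below is an added example, not code from the original post: the role names, users, conflict pairs and log entries are all constructed for illustration, and it assumes assignments and log entries have already been exported from the identity system into simple Python structures.

```python
"""Segregation-of-duties and least-privilege review over role assignments.

Added example; not part of the original post. Every role, user, conflict
pair and log entry below is constructed for illustration.
"""
from itertools import combinations

# Constructed SoD policy: pairs of roles that one person must never hold together.
SOD_CONFLICTS = {
    frozenset({"sysadmin", "auditor"}),
    frozenset({"change_requester", "change_approver"}),
    frozenset({"payment_initiator", "payment_approver"}),
}

# Constructed assignments: user -> roles held (as exported from an IdP / directory).
ASSIGNMENTS = {
    "alice": {"sysadmin", "change_approver"},
    "bob": {"change_requester", "change_approver"},
    "carol": {"auditor"},
    "dave": {"sysadmin", "auditor", "payment_initiator"},
}

# Constructed access log: (user, role actually exercised). In practice this
# comes from the audit trail the framework requires the organization to keep.
ACCESS_LOG = [
    ("alice", "sysadmin"),
    ("bob", "change_requester"),
    ("carol", "auditor"),
    ("dave", "sysadmin"),
]


def sod_violations(assignments, conflicts):
    """Return {user: [(role_a, role_b), ...]} for every user who holds both
    halves of at least one conflicting pair. Pairs are sorted so the output
    is deterministic and easy to diff between review runs."""
    violations = {}
    for user, roles in assignments.items():
        hits = [
            (a, b)
            for a, b in combinations(sorted(roles), 2)
            if frozenset({a, b}) in conflicts
        ]
        if hits:
            violations[user] = sorted(hits)
    return violations


def unused_roles(assignments, access_log):
    """Return {user: [role, ...]} listing roles a user holds but has never
    exercised in the log: these are least-privilege removal candidates."""
    used = {}
    for user, role in access_log:
        used.setdefault(user, set()).add(role)
    report = {}
    for user, roles in assignments.items():
        idle = roles - used.get(user, set())
        if idle:
            report[user] = sorted(idle)
    return report


if __name__ == "__main__":
    for user, pairs in sod_violations(ASSIGNMENTS, SOD_CONFLICTS).items():
        for a, b in pairs:
            print(f"SoD violation: {user} holds both {a} and {b}")
    for user, roles in unused_roles(ASSIGNMENTS, ACCESS_LOG).items():
        print(f"Least-privilege candidate: {user} never used {', '.join(roles)}")
```

Run as a scheduled review job, the first report feeds the segregation-of-duties control and the second feeds periodic access recertification; both depend on the access record being complete, which is why the framework pairs authorization with logging.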
