Archive for the ‘Audit’ Category

SAS 70 Environmental Controls Security Examination Audit

Saturday, September 18th, 2010

The environment of the data center will come under scrutiny as well. Not only will the auditors examine the physical access controls to the data center, but they will also examine the suitability of the data center to house sensitive information and systems. As such, the following items are examined:
- The structure of the walls, ceiling, and floor
- The security of the wiring
- Fire suppression
- Environmental controls
- Power (more…)

SAS 70 Logical Access Controls Security Examination Audit

Saturday, September 18th, 2010

Logical access controls determine which individuals have access to what information. Some of the items examined here are mechanisms in place on computer and network systems, and some pertain to the overall architecture of the offerings provided by the organization. Some of the items that will be investigated include:
- Individuals who have access to client information
- Individuals with privileged access to network devices such as firewalls and routers and computer systems
- Appropriateness of individual access to job function
- Appropriateness of user management procedures to identify dormant and unused accounts and to determine individual access
- Restriction of customer access to prevent the sharing of information
- Mechanisms in place to prevent unauthorized access to client information (both with regard to other clients and employees)

The information that is necessary to evaluate these issues is not solely related to the controls on the computer systems. The auditors will need to understand the underlying architecture that separates sensitive information and the procedures used by the organization to manage user access effectively.

Download Free Onapsis’ SAP Security In-Depth publication

Friday, December 11th, 2009

SAP Security In-Depth is a free technical publication led by the Onapsis Research Labs with the purpose of providing specialized information about the current and future risks in the SAP security field, allowing all the different actors (financial managers, information security managers, SAP administrators, auditors, consultants and the general professional community) to better understand the risks involved and the techniques and tools available to assess and mitigate them. (more…)

Information Technology Operation Process Model free download

Tuesday, June 2nd, 2009

Download the free Information Technology Operation Process Model. This process model covers some basic processes within IT operations, such as:
Information Operational Events
• Input (write) new information
• Store/save information
• View/display/list/output (read) information
• Delete information

Hardware Device Operational Events
• Hardware device startup
• Hardware device shutdown (more…)

14 Basic Project Planning Goals

Thursday, February 12th, 2009

1. Estimates are documented

2. Activities and commitments are planned and documented

3. Impacted groups and individuals agree to their commitments

4. Commitments

5. Project manager is designated

6. Project manager negotiates commitments and develops plan (more…)