±âȹ¡¤Á¶Á÷ | Object to be audited in Plan and Organization | 计划 & 组织
Check whether the target and scope of the lottery printing business are understood and defined clearly in terms of management of instant lottery based developing business and there is any risk.
- date : 2010-07-13 19:45|hit : 2157
-
- Communication and Operations Management
-
Check List
Operational procedures and responsibilities and protection against security vulnerabilities
Purpose
To ensure the correct and secure operation of information processing facilities and gaming operations or the support thereof against security vulnerabilities
Audit resources
Procedure
Verification
Document
Lottery system operation manual, Roles and responsibilities of IT organization
Product
Detailed study list and method
- Check if operating procedures are documented, maintained, and made available to all users.
- Check if changes to information processing facilities and systems are controlled.
- Check if duties and areas of responsibility are segregated to reduce opportunities for unauthorized or unintentional modification or misuse of the organization¡¯s assets.
- Check if development, test and operational facilities are separated to reduce the risks of unauthorized access or changes to the operational system.
- Check if the IT function ensure that documented procedures are in place for the management of security vulnerability patches on important systems for gaming operations and that reviews with regards to patch level of all installed software are regularly conducted
¡Ø REFERENCE: ISO27001, A.10.1, Communication and Operations Management
The Criteria to Winner: Security and Risk Management for Printed Lottery by Hyejung Moon is licensed under a Creative Commons Attribution-NonCommercial-NoDerivs 3.0 Unported License.
Based on a work at www.itpolicy.co.kr.
Permissions beyond the scope of this license may be available at http://www.lulu.com.
- reply : 0
-
- list
-
- prev
- next