Àμ⡤»ý»ê | Object to be audited in Actual Printing | ìÔáì & ßæ产
Ensure that the printing business meets the target, by verifying the quality of test lottery tickets and producing lottery tickets meeting the requirements of the production order.
- date : 2010-07-13 21:06|hit : 3040
-
- Propriety of access control(1)
-
Check List
Fulfillment of access control on the basis of access right
Purpose
To check if access rights are appropriately controlled for staff performing program development and maintenance repair, game data generation, audit, lottery production, prize verification structure regulation and so on in the instant lottery printing process
Audit resources
Procedure
Verification
Document
User access rights log
Product
Detailed study list and method
- Check if user access rights are defined on the ¡°Need To Know¡± basis
- Check if access to the system is restricted according to user¡¯s access rights
- Check if user¡¯s access rights are regularly examined
- Check if access rights modification/deletion is immediately effective at personnel transfer or resignation
- Check if unnecessary or idle accounts are managed
Check List
Safe log-on procedures
Purpose
To check if control is in place to protect the system from the malicious threats of unauthorized third party by practicing safe logon procedure for game data printing system
Audit resources
Procedure
Verification
Document
Product
Detailed study list and method
- Check if unnecessary system information is not supplied during the logon procedure
- Check if logon attempt failures are limited
- Check if password input is not indicated or masked in special characters
- Check if the previous logon date and time is indicated when log on is successful
Check List
User identification and authentication
Purpose
To check if user logged on to the instant lottery game data system is identified and the authentication procedure and control is operational.
Audit resources
Procedure
Verification
Document
User group, User ID list, Access control policy
Product
Detailed study list and method
- Check if every user is given a unique ID preventing the use of duplicate ID¡¯s.
- The use of reinforced authentication method such as smart card, organ authentication
Check List
System utility usage
Purpose
To check if user control procedure is in place for the various utility and system software operating in the instant lottery game data printing system.
Audit resources
Procedure
Verification
Document
Utility usage statement
Product
Detailed study list and method
- Check if there identification, authentication, and approval procedure concerning the use of system utility
The Criteria to Winner: Security and Risk Management for Printed Lottery by Hyejung Moon is licensed under a Creative Commons Attribution-NonCommercial-NoDerivs 3.0 Unported License.
Based on a work at www.itpolicy.co.kr.
Permissions beyond the scope of this license may be available at http://www.lulu.com.
- reply : 0
-
- list
-
- prev
- next