Understanding Networks and E-Commerce: An IT Audit Perspective
Chapter 5 delves into the complex structure of networks, their types including LAN and WAN, and essential components such as network operating systems and transmission media. It also explores the intricacies of internet architecture, electronic commerce frameworks, and the critical role of auditing in ensuring data integrity and security. Key audit objectives encompass transaction verification, access controls, and compliance checks. The chapter offers a comprehensive guide for understanding the vital connection between networks, e-commerce, and IT auditing practices.
Presentation Transcript
Chapter 5: Networks, Internet & Ecommerce IT Auditing & Assurance, 2e, Hall & Singleton
NETWORKS: TYPES • LAN (Local Area Networks) • WAN (Wide Area Networks) • Internet/Internet-Works
NETWORKS • Network topology • Star (Figure 5-1, p.194) • Hierarchical (Figure 5-2, p.196) • Ring (Figure 5-3, p.196) • Bus (Figure 5-4, p.197) • Network architecture • Peer-to-peer architecture • Client/server architecture (Figure 5-5) • Network protocols • Function of protocols
NETWORKS: COMPONENTS • Network Operating System (NOS) • Polling • Token passing • Carrier sensing • Nodes/terminals • Dumb terminals • Smart terminals • Programmable terminals
NETWORKS: COMPONENTS • Transmission channels / media (Figure 5-9, p.206) • Synchronous / asynchronous • Simplex / half duplex / full duplex (Figure 5-8, p.205) • Twisted pair (phone line) • Coax cable (cable line) • Fiber optic cable • Six advantages -- p.205-6 • Microwave • Communication satellites • Wireless
NETWORKS: CONNECTING DEVICES • Server / host • Connecting devices • Modem • Digital signal to radio wave signal (Figure 5-14, p.211) • Modulation – demodulation (Figure 5-15, p.212) • Network Interface Card (NIC) • Network processors • Message switching • PBX • Packet switching
NETWORKS: CONNECTING DEVICES • LAN Linking Devices and Systems • Multiplexer • Hubs • Passive • Manageable • Switched • Routers • Switches • Gateways • Bridges
INTERNET • Internet • Intranet • Extranet
EDI • Inter-company transfers • Processed automatically by IS • Processed in standardized format • Figure 5-19, p.218 • Third party (VANs) • Protocols
EDI • Benefits • Reduces data keying • Reduces paper • Reduces postage • Reduces errors • Reduces inventory • REDUCES COSTS • EFT (Figure 5-23, p.223) • EDI audit trail
ELECTRONIC COMMERCE • Electronic commerce • Types • B2C • B2B • C2C • Components • Electronic payment systems • SSL • SET • S-HTTP
ELECTRONIC COMMERCE • Risks • Internal • Accidents / system failures • Ineffective accounting • Malicious activities • Fraud • External • Intruders • Hackers • Cracker • Script kiddies • Viruses • Cyberterrorism / cyber-crime
CONTROLLING E-COMMERCE • Controls • Policies and procedures • SDLC techniques • Anti-virus systems • Message sequence numbers • Logs • Monitoring systems
CONTROLLING E-COMMERCE • Access control systems • Call-back systems • Challenge-response systems • Multifaceted password systems • Biometrics • Firewalls • IDS • Misuse detection vs. anomaly detection • Network-based vs. host-based systems • Passive system vs. reactive systems • Controlling DoS attacks
AUDIT OBJECTIVES • Verify the security and integrity of transactions • Can detect and correct message loss • Can prevent and detect illegal access, internally and externally • Will render useless any data captured • Verify that backup procedures are sufficient • Determine: • All EDI and electronic transactions are authorized, validated, and compliant with SLA • No unauthorized access to databases • Authorized partners only have access to approved data • Adequate controls are in place to ensure a complete audit trail for electronic transactions
AUDIT OBJECTIVES • Backup control for networks • Transaction validation • Access control: • Tests of validation control • Tests of audit trail controls
AUDIT PROCEDURES • Select a sample of messages from transaction log and verify their integrity • Review the message transaction logs to verify that all messages were received in proper sequence • Test the operation of features such as call-back • Review security procedures governing data • Verify any encryption process by sending test messages • Review the adequacy of firewalls (see list on page 240)
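The first two audit procedures above (message integrity and message sequence), sketched as an added example that is not from the slides or the textbook. The log layout, the partner names and the use of a SHA-256 digest recorded when each message is logged are assumptions made for illustration.

```python
import hashlib
from collections import defaultdict

def _rec(partner, seq, payload):
    """Build a constructed log record; the digest is taken when the message is logged."""
    return {"partner": partner, "seq": seq, "payload": payload,
            "digest": hashlib.sha256(payload).hexdigest()}

# Constructed sample log in order of receipt (hypothetical, not real EDI traffic).
SAMPLE_LOG = [
    _rec("PARTNER-A", 1, b"PO 1001"), _rec("PARTNER-A", 2, b"PO 1002"),
    _rec("PARTNER-B", 1, b"INV 77"), _rec("PARTNER-A", 4, b"PO 1004"),
    _rec("PARTNER-A", 3, b"PO 1003"), _rec("PARTNER-B", 2, b"INV 78"),
    _rec("PARTNER-B", 2, b"INV 78"), _rec("PARTNER-A", 7, b"PO 1007"),
]
SAMPLE_LOG[3]["payload"] = b"PO 1004 qty 9999"  # altered after it was logged

def audit_sequence(log, first_seq=1):
    """Per partner: missing numbers (message loss), duplicates, late arrivals."""
    by_partner = defaultdict(list)
    for r in log:
        by_partner[r["partner"]].append(r["seq"])
    findings = {}
    for partner, seqs in by_partner.items():
        received, highest = set(), None
        duplicates, out_of_order = [], []
        for seq in seqs:
            if seq in received:          # same number seen twice
                duplicates.append(seq)
                continue
            if highest is not None and seq < highest:
                out_of_order.append(seq)  # arrived after a higher number
            received.add(seq)
            highest = seq if highest is None else max(highest, seq)
        expected = set(range(first_seq, highest + 1))
        findings[partner] = {"missing": sorted(expected - received),
                             "duplicates": duplicates,
                             "out_of_order": out_of_order}
    return findings

def failed_integrity(log):
    """Return (partner, seq) for records whose payload no longer matches its digest."""
    return [(r["partner"], r["seq"]) for r in log
            if hashlib.sha256(r["payload"]).hexdigest() != r["digest"]]

if __name__ == "__main__":
    print(audit_sequence(SAMPLE_LOG))
    print(failed_integrity(SAMPLE_LOG))
```

A digest stored beside the message only detects changes made by someone who cannot also rewrite the digest; a keyed MAC or digital signature is needed when the log itself is not trusted.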