What methods can you use to familiarize yourself with the IT Environment?
Walkthrough, Interviews, Document Reviews, Risk Assessments
What are these examples of: internal policies, procedures, normal business email messages, information controlled by legislation, etc.
Private Information
Who are key people to interview about the logical access permissions?
Security administrators, network control managers, systems software manager
Who is responsible for the information and should decide on the appropriate classification?
Information Owner
What should be identified within the report in the event of an unsuccessful login attempt?
Time, terminal, logon and file or data element for which access was attempted.
What are some things data classification as a control should define?
Importance of the information asset
Information asset owner
Process for granting access
Person responsible for approving access
Extent and depth of security controls.
What should an application systems manual include? (Give one example)
Information about the platform the application can run on, DBMS, compilers, interpreters, telecommunication monitors and other applications that can run with the application.
What requirements are considered when classifying data?
Legal, regulatory, contractual, and internal