1.7. LOCATION OF PHYSICAL AND LOGICAL SECURITY CONTROLS
Exhibit 1.1 visually depicts the concept of a basic computing system and the location of physical and logical security controls. Physical security controls pertain to the central processing unit and associated hardware and peripheral devices. Logical security controls exist at the operating system level and within database management systems and application programs. This basic model can be applied to virtually any type of computing system. For example, Exhibit 1.2 presents a
Basic Conceptual Model

Logical Security:
Application Program
Database Management System
Operating System (including firmware)

Physical Security:
Central Processing Unit

Some other elements of the computing control environment:
Information Protection and Security Policy, Standards, and Procedures
Reporting Structure
IT Operations
Vendor Financial Condition
Vendor SAS 70, TruSecure, SysTrust, WebTrust, TRUSTe, BBBOnline, Other Security Certifications
Vendor License, Maintenance and Support Agreements (software and hardware)
Insurance Policies

Note: This conceptual model is not meant to replace the ISO open systems interconnection (OSI) model. It is a simplified approach meant to help nontechnical auditors to quickly ascertain the adequacy of controls over the most common risks associated with computer systems. See Appendix C for a brief overview of the ISO-OSI model.
Conceptual Model Of Open-Networked System

Application Program #1