Auditing The Systems / Application Domain For Compliance

The System/Application Domain

The system/application domain consists of mission-critical systems, applications, and data. Commonly targeted systems and applications are operating systems (desktop, server, and network), e-mail applications and servers, Enterprise Resource Planning (ERP) applications and systems, and web browsers.

System/application attacks fall into three categories: denial or destruction, alteration, and disclosure. This paper will cover some common system/application domain vulnerabilities: unauthorized physical and logical access to resources, weaknesses in server operating system and application software, and data loss.

Unauthorized Physical Access

Unauthorized physical access can be defined as gaining access to a physical entity or area without permission from an administrative figure. This type of threat is dangerous when the targets are sensitive areas such as computer rooms, datacenters, or wiring closets, because they contain a vast amount of sensitive information. Companies can avoid falling victim to unauthorized physical access by developing and implementing simple policies, standards, procedures, and guidelines for employees as well as guests to follow. Secure all areas containing sensitive systems and/or data. Require staff to follow entrance procedures when entering a secured area. Also ensure that physical data such as important documents are secured. Require