Definition of mainframe
A

Considerations
Organizations in different industries have different auditing and security requirements. Some factors affecting an organization's requirements are: regulatory requirements and other external factors; management, objectives, and business practices; and the organization's performance compared to the industry. This information can be obtained by conducting outside research, interviewing employees, touring the data center and observing activities, consulting technical experts, and reviewing company manuals and business plans. Another consideration is the level of mainframe access employees have and whether password policies are in place and followed. Evidence of implementation can be obtained by requesting employee manuals, evaluating the software and user histories, and physically observing the environment (Gallegos, 2004). Physical access is also an area of interest. Are cables adequately protected from damage and sniffing between the

The Operating System
* What controls are in place to make sure the system is continually updated?
* Is the software configured to do updates, or is it done by the system technicians?
* Controls should be in place to deter unauthorized manipulation or theft of data.
* Proper

Security server
* Are proper

Application system
* Is concerned with the performance and the controls of the system.
* Is it able to limit unauthorized access and data manipulation?

Evaluate whether sufficient evidence was obtained
After performing the necessary tests and procedures, determine whether the evidence obtained is sufficient to come to a conclusion and recommendation.

How is the security of the mainframe maintained?
Mainframes, despite their reliability, hold so much data that precautions need to be taken to protect the information they hold and the integrity of the system. Security is maintained with the following techniques:
* Physical controls over the mainframe and its components.
* Encryption techniques.
* Putting procedures in place that prevent unnecessary and unauthorized entries into a system and that ensure input, output, or processing is recorded and accessible to the auditor. This is particularly important for people with elevated privileges.
* Security software such as RACF, ACF2, and Top Secret.
* Constant testing of the security system to determine any potential weaknesses.
* Properly protecting backdoor accesses.
* Continual examination of the techniques to determine effectiveness.

To gauge the effectiveness of these internal controls, an auditor should do outside research, physically observe controls as needed, test the controls, perform substantive tests, and employ computer-assisted audit techniques when prudent.

References
* Gallegos, F., Senft, S., Manson, D., Gonzales, C. (2004). Information Technology Control and Audit (2nd ed.). Boca Raton, Florida: Auerbach Publications.
* Messier Jr., W. F. (2003). Auditing & Assurance Services: A Systematic Approach (3rd ed.). New York: McGraw-Hill/Irwin.
* Licker, M. D. (2003). Dictionary of Computing & Communications. New York: McGraw-Hill.
* Philip, G. (2000). The University of Chicago Press: Science and Technology Encyclopedia. Chicago, IL: The University of Chicago Press.
* O’Brien, J. A. (2002). Management Information Systems: Managing Information Technology in the E-Business Enterprise (5th ed.). New York: McGraw-Hill/Irwin.

External links