What people are saying - Write a review
We haven't found any reviews in the usual places.
access controls access reporting accounts activities addition adequate allow applications programs appropriate approved assigned assist audit authorized collection Comments complete computer access computer operations computer processing computer security administration control problems corrective actions detect Director disaster recovery plan discussed documentation draft Education Education's effective ensure established evaluating example ffelp information system files and programs financial statements fiscal fiscal year 1993 functions Further gain guaranteed implemented improve independently information system's contractor integrity involving maintained monitor necessary needed Office oversee perform personnel policies and procedures Program Systems Service recommendations record reliability require responsibilities security administration program security oversight team Senate Senate Committee sensitive data sensitive system software change control special access privileges special user identifications specific staff standards statements system data system security system's general control systems programming systems software changes testing unauthorized access unauthorized changes utility programs weaknesses
Page 4 - ... centers in Dallas and Albuquerque, we evaluated controls intended to protect data and application programs from unauthorized access; prevent the introduction of unauthorized changes to application and system software; provide segregation of duties involving application programming, system programming, computer operations, security, and quality assurance; ensure recovery of computer processing operations in case of a disaster or other unexpected interruption; and ensure that an adequate computer...
Page 5 - ... were intended to work and the extent to which center personnel considered them to be in place. We also reviewed the installation and implementation of VA'S operating system and security software. Further, we tested and observed the operation of general computer controls over VA'S information systems to determine whether they were in place, adequately designed, and operating effectively. To assist in our evaluation and testing of general computer controls, we contracted with Ernst & Young LLP....
Page 23 - Identify sensitive data files and programs and monitor successful access to them, including access by users having special access privileges.
Page 23 - s contractor to devise controls to ensure that only approved and tested changes are made to the systems software.
Page 22 - ... data needed to perform their duties, and to approve the creation of special user identifications.