IT asset management

Explore IT asset management, software licensing, system interface risks, and audit best practices. Learn to assess job scheduling, data integrity, security updates, and compliance in enterprise IT environments.

Mason Bennett
Contributor

IT Asset Management (Day 2)

What Is an IT Asset?

An asset is something of tangible or intangible value that is worth protecting, including people, information, infrastructure, finances, and reputation.

To protect and manage an asset, an inventory must be completed that identifies the asset, specifies its location, and indicates whether it has been assigned an owner.

The first steps in IT asset management are identifying all IT assets and creating an inventory of IT assets.

EY

Inventory Record

Discussion Question

During an assessment of software development practices, an information systems (IS) auditor finds that open-source software components were used in an application designed for a client. What is the GREATEST concern that the auditor has about the use of open-source software?

- The client did not pay for the open-source software components.
- The organization and client must comply with open-source software license terms.
- Open-source software has security vulnerabilities.
- Open-source software is unreliable for commercial use.

Discussion Question

A major benefit of using open-source software is that it is free. The client is not required to pay for the open-source software components; however, both the developing organization and the client should be concerned about the licensing terms and conditions of the open source software components that are being used.

There are many types of open-source software licenses and each has different terms and conditions. Some open-source software licensing allows use of the open-source software component freely but requires that the completed software product must also allow the same rights. This is known as viral licensing, and if the development organization is not careful, its products can violate licensing terms by selling the product for profit. The information systems (IS) auditor should be most concerned with open-source software licensing compliance to avoid unintended intellectual property risk or legal consequences.

Open-source software, just like any software code, should be tested for security flaws and should be part of the normal system development life cycle (SDLC) process. This is not more of a concern than licensing compliance.

Open-source software does not inherently lack quality. Like any software code, it should be tested for reliability and should be part of the normal SDLC process. This is not more of a concern than licensing compliance.

Discussion Question

An information systems (IS) auditor conducting a review of software usage and licensing discovers that numerous PCs contain unauthorized software. Which of the following actions should the IS auditor take?

- Delete all copies of the unauthorized software.
- Recommend an automated process to monitor for compliance with software licensing.
- Report the use of the unauthorized software and the need to prevent recurrence.
- Warn the end users about the risk of using illegal software.

Discussion Question

An information systems (IS) auditor should not assume the role of the enforcing officer and take on any personal involvement in removing the unauthorized software.

This would detect compliance with software licensing; however, an automated solution might not be the best option in all cases.

The use of unauthorized or illegal software should be prohibited by an organization. An IS auditor must convince the user and management of the risk and the need to eliminate the risk. For example, software piracy can result in exposure and severe fines.

Auditors must report material findings to management for action. Informing the users of risk is not the primary responsibility of the IS auditor.

Discussion Question

An information systems (IS) auditor discovers that some users installed personal software on their PCs. This is not explicitly forbidden by the security policy. The BEST approach for an IS auditor is to recommend that the:

- IT department implement control mechanisms to prevent unauthorized software installation.
- Security policy be updated to include the specific language regarding unauthorized software.
- IT department prohibit the download of unauthorized software.
- Users obtain approval from an IS manager before installing nonstandard software.

Discussion Question

An information systems (IS) auditor's obligation is to report on observations noted and make the best recommendation, which is to address the situation through policy. The IT department cannot implement controls in the absence of the authority provided through policy.

Lack of specific language addressing unauthorized software in the acceptable use policy is a weakness in administrative controls. The policy should be reviewed and updated to address the issue—and provide authority for the IT department to implement technical controls.

Preventing downloads of unauthorized software is not the complete solution. Unauthorized software can also be introduced through compact disks (CDs) and USB drives.

Requiring approval from the IS manager before installation of the nonstandard software is an exception handling control. It would not be effective unless a preventive control to prohibit user installation of unauthorized software is established first.

Discussion Question

Which of the following is a network diagnostic tool that monitors and records network information?

- Online monitor
- Downtime report
- Help desk report
- Protocol analyzer

Discussion Question

Which of the following is a network diagnostic tool that monitors and records network information?

Online monitors measure telecommunication transmissions and determine whether transmissions were accurate and complete.

Downtime reports track the availability of telecommunication lines and circuits.

Help desk reports are prepared by the help desk, which is staffed or supported by information systems (IS) technical support personnel trained to handle problems occurring during the course of IS operations.

Protocol analyzers are network diagnostic tools that monitor and record network information from packets traveling in the link to which the analyzer is attached.

Discussion Question

Which of the following is a MAJOR concern during a review of help desk activities?

- The help desk team could not resolve certain calls.
- A dedicated line is not assigned to the help desk team.
- Resolved incidents are closed without reference to end users.
- The help desk instant messaging has been down for more than six months.

Discussion Question

Which of the following is a MAJOR concern during a review of help desk activities?

Although this is of concern, it should be expected. A problem escalation procedure should be developed to handle such scenarios.

Ideally, a help desk team should have dedicated lines, but this exception is not as serious as the technical team unilaterally closing an incident.

The help desk function is a service-oriented unit. The end users must be advised before an incident can be regarded as closed.

Instant messaging is an add-on to improve the effectiveness of the help desk team. Its absence cannot be seen as a major concern if calls can still be made.