6: Auditing Network change Mnagement Flashcards

1
Q

• Change control policy

A

The IS auditor should examine the organization’s change control policy to understand how change is supposed to be controlled and managed.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

• Change logs

A

The IS auditor should determine if information systems contain automatic logs that contain all changes to systems and, if so, if these logs are reviewed by IT staff to ensure that only approved changes are being made to systems. The auditor should examine procedures and records to determine what actions are taken when unapproved changes are discovered

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

. • Change control procedures

A

The IS auditor needs to examine change control procedures and examine records to determine if procedures are effective and are being followed.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

• Emergency changes

A

The IS auditor should examine change control policy, procedures, and records to see how emergency changes are handled and how they are approved.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

• Rolled-back changes

A

The IS auditor should examine change control records to see what changes needed to be rolled back because of problems. The auditor should determine how these situations were handled

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

• Documentation

A

The IS auditor should determine whether change control procedures and records include updates to documentation, including network operations procedures, architecture diagrams, and disaster recovery plans.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

. • Linkage to system development life cycle (SDLC)

A

The IS auditor should understand how the organization’s system development life cycle is integrated with its change management processes to ensure that only completed and properly approved software changes are proposed for promotion into production.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly