Contact Us |
Info for students | Our Courses | About Us  
 

 

System Audit Policy
 

 

1.0 PURPOSE

To provide the authority for members of ASCL's Information Security Department to conduct a security audit on any system at ASCL and to maximize effectiveness of systems audits and minimize interference to business processes.

Audits may be conducted to:

  1. Ensure integrity, confidentiality and availability of information and resources

  2. Investigate possible security incidents ensure conformance to ASCL security policies

  3. Monitor user or system activity where appropriate.

2.0 SCOPE

This policy covers all computer and communication devices owned or operated by ASCL. This policy also covers any computer and communications device that are present on ASCL premises, but which may not be owned or operated by ASCL.

3.0 POLICY

When requested, and for the purpose of performing an audit, any access needed will be provided to ASCL's Information Security Department personnel.

This audit may include:

  1. User level and/or system level access to any computing or communications device

  2. Access to information (electronic, hardcopy, etc.) that may be produced, transmitted or stored on ASCL equipment or premises

  3. Access to work areas (labs, offices, cubicles, storage areas, etc.)

  4. Access to interactively monitor and log traffic on ASCL networks.

  5. Audits of operational systems shall be planned carefully by the management to minimize the risk of disruptions to day-to-day business operations.

  6. Access to audit tools shall be protected to prevent any possible misuse or compromise.

  7. Integrity of system audit test data shall be protected and shall be validated to ensure it is correct and appropriate before conducting audit excercize.

4.0 ENFORCEMENT

Any person bound by this policy who intentionally and/or knowingly violates this policy shall be subject to action deemed fit by the Governing Board of the Asian School of Cyber Laws and shall also be liable to pay adequate and prompt compensation. Such action shall not preclude adequate civil and / or criminal remedy as per the applicable law.

5.0 REVISION HISTORY

This document is created on 24-02-2002 and has been last updated on 22-02-2003. Please note that this document is updated on a regular basis and the latest version can be obtained from:

Some relevant policies

 

© 2004 Asian School of Cyber Laws. All Rights Reserved.
 

 


Press Room | Information Security | Info for students | Our Courses | About Us | Contact Us
© 2007 Asian School of Cyber Laws. All rights reserved.
  Reprint Permission | Privacy Policy | Disclaimer