tailieunhanh - The CISA Prep Guide: Mastering the Certified Information Systems Auditor Exam, part 5

and this process does not provide for authorization and approval to catch up with the change afterward, the business will not succeed in meeting its obligations. For this reason, it is important to isolate the duties of the change control library from other duties

would or that a jury would accept the argument. It will be very important, as a result of this and other concerns with PKI, to ask many hard questions up front as to what the purpose and intentions are for the PKI installation and what the business problems are that are to be solved by its implementation. If they are authentication based, your process for review will differ from a review intended to prove protected transmissions through encryption methodologies.

Biometric Access Controls

Biometrics authentication continues to mature, but it is still not readily accepted in commercial production for an audit review. The human parts used to validate identity include face recognition, iris scanning, eye retina geometry scanning, hand geometry scanning, fingerprint mapping and matching, keystroke cadence matching, voice recognition, and probably some sort of body fluid matching if you look hard enough. The concern over the usefulness of such metrics is related to the matching process of the registered sample pattern to the live person. The system approximates the real specimen; thus, error is introduced into the process. Because humans are dynamic in nature, the source biometric changes somewhat over time. A moving target and an approximation of a sample captured at some time in the past force the matching process to accept a certain amount of error in order to be useful at all. False positive acceptance and false negative rejection will need to be measured as part of your evaluation to determine how well the process works and whether the error acceptance ranges introduce unacceptable risk.
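
The measurement described above can be sketched as follows. This is an added example, not material from the guide: the match scores are constructed sample data and the function names are hypothetical. It computes the false acceptance rate (FAR) and false rejection rate (FRR) at several matching thresholds and checks an operating point against stated tolerances.

```python
# Added example: FAR/FRR measurement for a biometric matcher.
# All scores below are constructed sample data, not from a real system.
GENUINE = [0.91, 0.88, 0.95, 0.72, 0.84, 0.97, 0.66, 0.90, 0.81, 0.93]
IMPOSTOR = [0.12, 0.35, 0.41, 0.28, 0.70, 0.22, 0.55, 0.18, 0.47, 0.31]
THRESHOLDS = [0.5, 0.6, 0.7, 0.8, 0.9]


def far(impostor, threshold):
    """False acceptance rate: impostor attempts scoring at or above threshold."""
    return sum(s >= threshold for s in impostor) / len(impostor)


def frr(genuine, threshold):
    """False rejection rate: genuine attempts scoring below threshold."""
    return sum(s < threshold for s in genuine) / len(genuine)


def sweep(genuine, impostor, thresholds):
    """(threshold, FAR, FRR) per threshold, lowest threshold first."""
    return [(t, far(impostor, t), frr(genuine, t)) for t in sorted(thresholds)]


def equal_error_point(genuine, impostor, thresholds):
    """Threshold where FAR and FRR are closest (approximate equal error rate)."""
    return min(sweep(genuine, impostor, thresholds), key=lambda r: abs(r[1] - r[2]))


def lowest_threshold_meeting_far(genuine, impostor, thresholds, max_far):
    """Least strict threshold whose FAR stays within the tolerance, or None."""
    for row in sweep(genuine, impostor, thresholds):
        if row[1] <= max_far:
            return row
    return None


def within_tolerance(genuine, impostor, threshold, max_far, max_frr):
    """True only if both error rates at this threshold are within the limits."""
    return far(impostor, threshold) <= max_far and frr(genuine, threshold) <= max_frr


if __name__ == "__main__":
    for t, fa, fr in sweep(GENUINE, IMPOSTOR, THRESHOLDS):
        print(f"threshold={t:.1f}  FAR={fa:.0%}  FRR={fr:.0%}")
    print("approx. EER point:", equal_error_point(GENUINE, IMPOSTOR, THRESHOLDS))
    print("FAR<=0 operating point:", lowest_threshold_meeting_far(GENUINE, IMPOSTOR, THRESHOLDS, 0.0))
```

On this sample, tightening the threshold until no impostor is accepted pushes the false rejection rate to 20%, which is the trade-off an evaluation has to weigh against the stated error tolerances.
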
The initial expectation is that these biometric solutions are used when extraordinary controls are required, so high error rates are less acceptable than they would be under less demanding conditions. On top of that, there will always be some people that the process will just not work for, such as the handicapped, for example. Therefore, alternative processes will need to be present and