Security Basics mailing list archives
Where is the head and tail?
From: WALI <hkhasgiwale () gmail com>
Date: Sat, 24 Feb 2007 10:18:09 +0400
So, I have been asked to undertake security auditing of a financial application, whose source code we have recently acquired. The application is written in D2K with Oracle backend.
As I understand it, boss wants security procedures laid out before we start to implement this application across our branches in various countries. Also, he doesn't want any haphazard development to start whenever any changes are asked by accounts dept.
How should I start? Well, I can start to outline Change Management procedures that would be followed. Segregation of duties between various levels of developers, quality assurance, app admin etc. That's generic.
Then what? I am a novice when it comes to accounting and finance. Should I define workflows within dept. of accounting? Should I sit with accountants and other users and get deep into various things they do and then look deeply inside each module of this finance application in order to study General Ledgers, Journal Vouchers, Accounts receivables/payables etc.? That would take months!!
Is there any set checklist for such kind of application auditing? Any/all inputs would be highly appreciated. Please take some time out to enlighten me!!