CHAPTER 14 Compliance Within the System/Application Domain
DO USERS ACCESS DATA?
No. It sounds counterintuitive and perhaps a bit of a trick question, but it is technically true. Access to data is always achieved through an application. This may be an installed application on the workstation, an application in the operating system, or even an application embedded in the BIOS. A user can only read, update, or create data through an application. An application controls the user experience and thus becomes the pivotal point of strength or weakness. This is also true when it comes to cybersecurity. Applications can be a strong or point of weakness when it comes to protecting an organization’s customer and company data.
Application audits are conducted to ensure the business’ software is properly functioning, complies with the organization’s policies, and is legally licensed. These typical audit criteria will increase the value of the software to achieve the organization’s goals while reducing the potential for business disruptions and cybersecurity threats.
In this chapter, we will review the key areas to consider in performing application and systems audits. We will discuss how software is maintained and the importance of proper configuration. These common components and others that will be discussed ensure software complies with policies.
