0% found this document useful (0 votes)

404 views22 pages

Physical and Logical Access Controls

The document discusses physical and logical access controls. It defines internal controls and describes their objectives to provide reasonable assurance regarding financial reporting, operations, asset protection and compliance. Physical access controls relate to general security and restricting access to sensitive areas. Logical access controls provide authorization for applications and involve granting, monitoring and revoking access while preventing conflicts of duties. The Companies Act in India requires directors and auditors to ensure adequate internal financial controls are in place and operating effectively within organizations.

Uploaded by

Taranpreet Singh Saini

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PPTX, PDF, TXT or read online on Scribd

0% found this document useful (0 votes)

404 views22 pages

Physical and Logical Access Controls

Uploaded by

Taranpreet Singh Saini

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PPTX, PDF, TXT or read online on Scribd

You are on page 1/ 22

PHYSICAL AND LOGICAL

ACCESS CONTROLS
Submitted by:
Taranpreet Singh Saini
601016

MIT, PUNE

Outline

Internal
Controls

Physical
Access
Controls

Logical
Access
Controls

Regulations

MIT, PUNE

WHAT ARE INTERNAL CONTROLS?

MIT, PUNE

Internal Controls
The process designed, implemented and maintained by those

charged with governance, management and other personnel to

provide reasonable assurance about the achievement of the
entitys objectives with regards to reliability of financial reporting,
effectiveness and efficiency of operations, safeguarding of assets
and compliance of applicable laws and regulations.
The terms control refers to any aspect of one or more of the
components of the internal controls.

MIT, PUNE

Formula of Internal Control

General
Controls

IS
Controls

Internal
Controls

MIT, PUNE

IS Controls

IS Controls
Application
Controls

IT General
Controls

MIT, PUNE

Objective of IS Controls

Maintaining Confidentiality
Preserving Integrity
Ensuring Availability

MIT, PUNE

Internal Controls

Physical Access
Controls

Logical Access
Controls

MIT, PUNE

Some Terms
Risk

Control
Control Objective

Risk is generally
defined as the
combination of
the probability of
an event and its
negative
consequence

It is generally a
contention and
states a criteria for
implementing and
evaluating the
entitys control
procedures in a
specific area.

Control Design

Control Operation

Documented
Blueprint of the
Control

Actual Execution
of the Control
which is
documented is
operating as
required.

MIT, PUNE

PHYSICAL ACCESS
CONTROLS
General Security

MIT, PUNE

What are Physical Access Controls?

MIT, PUNE

Illustrative Physical Access Control Objectives

Enforcement of Policies and Procedures relating to management

and security.
Restriction of access to sensitive areas.
Proper execution of procedures for Visitor Management
Revocation of access privileges on termination of employment
Constant monitoring of the premises
Screening of baggage and frisking of employees and visitors

MIT, PUNE

LOGICAL ACCESS
CONTROLS
Application and General Security

MIT, PUNE

What are Logical Access Controls

They refer to controls that provide relevant authorization to

appropriate personnel for the applications.

This area of controls include
Granting Access
Monitoring Access
Revoking Access
Preventing Conflict of Roles Segregation of duties

MIT, PUNE

Illustrative Control Objectives for Logical Access Controls (Security)

Execution of security administration policies and procedures
Avoidance of conflict of duties of personnel having security roles
Approvals, Authorization and Documentation of access of new

employees
Revocation of access of terminated employees performed in a
timely manner
Periodical Review of user access roles and rights
Enforcement of access password complexity parameters in all
systems

MIT, PUNE

What are Logical Access Controls?

MIT, PUNE

What are Logical Access Control?

MIT, PUNE

REGULATIONS
Under the Companies Act perspective

MIT, PUNE

Regulations Companies Act 2013

Section Reference

Regulatory Requirement

Section - 134

The directors would provide a responsibility statement have

laid down internal financial controls to be followed by the
company and are adequate and were operating effectively.

Section - 143

The auditors report shall state that whether the company has
adequate internal financial control system in place and the
operating effectiveness of such controls.

MIT, PUNE

THANK YOU

FINAL-MS Security Baseline Windows Server 2022
No ratings yet
FINAL-MS Security Baseline Windows Server 2022
2,146 pages
Cybersecurity Management Policy
100% (1)
Cybersecurity Management Policy
5 pages
Elements of Information Security Policy
No ratings yet
Elements of Information Security Policy
12 pages
Logging and Monitoring Policy-XX Version
100% (2)
Logging and Monitoring Policy-XX Version
14 pages
Example of ICS Cybersecurity Plan
100% (1)
Example of ICS Cybersecurity Plan
7 pages
Developing A Database Security Plan
100% (1)
Developing A Database Security Plan
13 pages
Vulnerability Assessment Policy PDF
No ratings yet
Vulnerability Assessment Policy PDF
3 pages
Project Security Compliance Assessment Checklist
0% (1)
Project Security Compliance Assessment Checklist
33 pages
Information Security Incident Management Procedures
No ratings yet
Information Security Incident Management Procedures
20 pages
3rd Party Outsourcing Information Security Assessment Questionnaire V1.4
No ratings yet
3rd Party Outsourcing Information Security Assessment Questionnaire V1.4
10 pages
Operationalizing Information Security: Putting the Top 10 SIEM Best Practices to Work
From Everand
Operationalizing Information Security: Putting the Top 10 SIEM Best Practices to Work
Scott Gordon
No ratings yet
Logical Access Control
No ratings yet
Logical Access Control
18 pages
Incident Response Guide
No ratings yet
Incident Response Guide
10 pages
Sacramento State Level 1 Systems Access Review Template
No ratings yet
Sacramento State Level 1 Systems Access Review Template
4 pages
Database Security Application Checklist Template
No ratings yet
Database Security Application Checklist Template
3 pages
Information Technology Policy Role-Based User Management
No ratings yet
Information Technology Policy Role-Based User Management
7 pages
19 1106 Cisa CISA Cyber Essentials S508C 0
No ratings yet
19 1106 Cisa CISA Cyber Essentials S508C 0
2 pages
IT Security Policy Template Remote Access Policy OSIBeyond
No ratings yet
IT Security Policy Template Remote Access Policy OSIBeyond
3 pages
L2 Incident Response
No ratings yet
L2 Incident Response
9 pages
Information Security Incident Management
100% (2)
Information Security Incident Management
3 pages
Lumu Ransomware Response Playbook
100% (1)
Lumu Ransomware Response Playbook
10 pages
ISMS-DOC-A06-3 Information Security Guidelines For Project Management
No ratings yet
ISMS-DOC-A06-3 Information Security Guidelines For Project Management
9 pages
NFC BANK IT Security Review Repor
No ratings yet
NFC BANK IT Security Review Repor
11 pages
PR11 LogReviewProcedure
No ratings yet
PR11 LogReviewProcedure
7 pages
Vulnerability Management Policy and Procedures
50% (4)
Vulnerability Management Policy and Procedures
18 pages
IT Infrastructure Security Risk Assessment Using The Center For Internet Security Critical Security Control Framework A Case Study at Insurance Company
No ratings yet
IT Infrastructure Security Risk Assessment Using The Center For Internet Security Critical Security Control Framework A Case Study at Insurance Company
6 pages
Sample Penetration Testing Policy Template
No ratings yet
Sample Penetration Testing Policy Template
21 pages
A Patch & Vulnerability Management Program Presentation
No ratings yet
A Patch & Vulnerability Management Program Presentation
9 pages
Annexure 3.2 - TPRM Checklist For Collection Vendors
No ratings yet
Annexure 3.2 - TPRM Checklist For Collection Vendors
4 pages
Information Security Incident Management
No ratings yet
Information Security Incident Management
8 pages
Questionnaire Security Assessment 2020
No ratings yet
Questionnaire Security Assessment 2020
2 pages
Security Incident Management Process
No ratings yet
Security Incident Management Process
8 pages
Incident Response. Computer Forensics Toolkit All
No ratings yet
Incident Response. Computer Forensics Toolkit All
13 pages
IT Security Incident Management
No ratings yet
IT Security Incident Management
3 pages
Patch Management Automation For Enterprise Cloud
100% (2)
Patch Management Automation For Enterprise Cloud
15 pages
Cloud Security Posture Management - Why You - Cloud Security Alliance PDF
No ratings yet
Cloud Security Posture Management - Why You - Cloud Security Alliance PDF
7 pages
NIST Approach To Patch and Vulnerability Management
No ratings yet
NIST Approach To Patch and Vulnerability Management
6 pages
Network Security Policy
No ratings yet
Network Security Policy
13 pages
PCI Compliance - Best Practices For Securing Credit Card Data
100% (3)
PCI Compliance - Best Practices For Securing Credit Card Data
3 pages
Security Hardening Notes
No ratings yet
Security Hardening Notes
6 pages
Disaster Recovery Checklist
No ratings yet
Disaster Recovery Checklist
2 pages
IRM 17 Ransomware
No ratings yet
IRM 17 Ransomware
2 pages
Purpose: Mobile Asset Management Policy I. Mobile Computing and Teleworking Select All
No ratings yet
Purpose: Mobile Asset Management Policy I. Mobile Computing and Teleworking Select All
4 pages
TOC of IT Department
No ratings yet
TOC of IT Department
5 pages
Information Security Management and Metrics
No ratings yet
Information Security Management and Metrics
30 pages
It Risk Assessment Toolkit
No ratings yet
It Risk Assessment Toolkit
1 page
Data Center Infrastructure, Storage-Design Guide - SAN Distance Extension Using ISLs - Brocade Community Forums - 36627
No ratings yet
Data Center Infrastructure, Storage-Design Guide - SAN Distance Extension Using ISLs - Brocade Community Forums - 36627
11 pages
Log Management Policy - GP 470k
No ratings yet
Log Management Policy - GP 470k
3 pages
It Risk Assessment Toolkit
100% (3)
It Risk Assessment Toolkit
22 pages
3rd Party Info Security Assessment
No ratings yet
3rd Party Info Security Assessment
8 pages
Audit Log Management PolicyTemplate For CIS Control 8
No ratings yet
Audit Log Management PolicyTemplate For CIS Control 8
16 pages
IT Security Audit Guideline
100% (1)
IT Security Audit Guideline
31 pages
BYOD Policy
No ratings yet
BYOD Policy
6 pages
EDRM Security Questionnaire 1.1
100% (1)
EDRM Security Questionnaire 1.1
39 pages
Aquisition Assessment Policy
No ratings yet
Aquisition Assessment Policy
2 pages
Business Continuity Policy
No ratings yet
Business Continuity Policy
2 pages
20 CIS Controls v7.0
No ratings yet
20 CIS Controls v7.0
12 pages
Cybersecurity Center A Complete Guide - 2020 Edition
From Everand
Cybersecurity Center A Complete Guide - 2020 Edition
Gerardus Blokdyk
No ratings yet
Business Continuity Management: Building an Effective Incident Management Plan
From Everand
Business Continuity Management: Building an Effective Incident Management Plan
Michael Blyth
No ratings yet
Story Writing
No ratings yet
Story Writing
4 pages
Factors Affecting Online Shopping Decision Behavior of Vietnam Consumers Shopee International Platform (Operations)
No ratings yet
Factors Affecting Online Shopping Decision Behavior of Vietnam Consumers Shopee International Platform (Operations)
10 pages
The Life and Death of Languages: Catambacan, Angela Dumdum, Mariell Nicole
No ratings yet
The Life and Death of Languages: Catambacan, Angela Dumdum, Mariell Nicole
36 pages
Power Phrases
100% (3)
Power Phrases
20 pages
Simple Past 0 English Grammar Rules Explanations PDF
No ratings yet
Simple Past 0 English Grammar Rules Explanations PDF
3 pages
Opportunities and Challenges For Big Data
No ratings yet
Opportunities and Challenges For Big Data
14 pages
12 Angry Men - BALURAN, MISSY
No ratings yet
12 Angry Men - BALURAN, MISSY
5 pages
Asics Case Analysis
No ratings yet
Asics Case Analysis
5 pages
Cutes Corporation: Instruction
No ratings yet
Cutes Corporation: Instruction
37 pages
MiniCase6 - The Mystery Powder
No ratings yet
MiniCase6 - The Mystery Powder
6 pages
Project Data
No ratings yet
Project Data
170 pages
Course Introduction:: Integrated Reservoir Modeling
No ratings yet
Course Introduction:: Integrated Reservoir Modeling
9 pages
Vedanta Kesari October 17'
No ratings yet
Vedanta Kesari October 17'
56 pages
Chapter..2 Kinesics
No ratings yet
Chapter..2 Kinesics
33 pages
Café en Indonesia
No ratings yet
Café en Indonesia
16 pages
Nama: Ilma Adilla Syahida NIM: 04021281924030 Kelas Reguler A 2019 Psik FK Unsri Exercise
No ratings yet
Nama: Ilma Adilla Syahida NIM: 04021281924030 Kelas Reguler A 2019 Psik FK Unsri Exercise
3 pages
Cva - Key
No ratings yet
Cva - Key
3 pages
Listado de Adjetivos Lovecraftianos
No ratings yet
Listado de Adjetivos Lovecraftianos
3 pages
Oifig An Stiúrthóra Náisiúnta, Acmhainní Daonna
No ratings yet
Oifig An Stiúrthóra Náisiúnta, Acmhainní Daonna
2 pages
Biomass and Bioenergy 4
No ratings yet
Biomass and Bioenergy 4
71 pages
Tutorial On Navigation Software and Map Update
No ratings yet
Tutorial On Navigation Software and Map Update
12 pages
Trial of Rizal: Presented By: Leo Angelo Dalingay
100% (2)
Trial of Rizal: Presented By: Leo Angelo Dalingay
15 pages
Past Election Mauritius
No ratings yet
Past Election Mauritius
102 pages
Public Vs Private
No ratings yet
Public Vs Private
3 pages
Divorce Debate
No ratings yet
Divorce Debate
19 pages
Civil Task PDF
No ratings yet
Civil Task PDF
3 pages
Mini Project Nikhat..
No ratings yet
Mini Project Nikhat..
14 pages
Exordium 04 En
No ratings yet
Exordium 04 En
20 pages
Brief History On Aryabhatta
60% (5)
Brief History On Aryabhatta
2 pages
17 Fortunado v. CA
No ratings yet
17 Fortunado v. CA
3 pages