CIA tunetter's Audit Theory? With a Focus on IT Audit
Feed updated: 2024-03-14T02:18:45.613+09:00
The blog of tunetter, a Certified Internal Auditor (CIA). A record of trial and error in internal auditing.
Author: tunetter (http://www.blogger.com/profile/16763088467255102011)

Post: Processing Integrity Principle and Criteria Table: Criteria 2.4
Published: 2010-12-26T00:03:00.000+09:00 (updated 2010-12-26T00:03:22.343+09:00)
Continuing my unofficial translation of Trust Services Principles, Criteria and Illustrations for Security, Availability, Processing Integrity, Confidentiality, and Privacy (Including WebTrust® and SysTrust®). This time it is Criteria 2.4 of the Processing Integrity Principle and Criteria Table.
Criteria 2.4
Criteria 2.4 (Japanese translation)
The process for obtaining support and informing the entity about system processing integrity issues, errors and omissions, and breaches of systems 

Post: Processing Integrity Principle and Criteria Table: Criteria 2.3
Published: 2010-11-20T16:01:00.000+09:00 (updated 2010-11-20T16:01:32.204+09:00)
Continuing my unofficial translation of Trust Services Principles, Criteria and Illustrations for Security, Availability, Processing Integrity, Confidentiality, and Privacy (Including WebTrust® and SysTrust®). This time it is Criteria 2.3 of the Processing Integrity Principle and Criteria Table.
Criteria 2.3
Criteria 2.3 (Japanese translation)
Responsibility and accountability for the entity’s system processing integrity and related security policies, and changes and updates to those policies, are 

Post: Processing Integrity Principle and Criteria Table: Criteria 2.2
Published: 2010-10-16T00:02:00.000+09:00 (updated 2010-10-16T00:02:06.067+09:00)
Continuing my unofficial translation of Trust Services Principles, Criteria and Illustrations for Security, Availability, Processing Integrity, Confidentiality, and Privacy (Including WebTrust® and SysTrust®). This time it is Criteria 2.2 of the Processing Integrity Principle and Criteria Table.
Criteria 2.2
Criteria 2.2 (Japanese translation)
The processing integrity and related security obligations of users and the entity’s processing integrity and related security commitments to users are communicated

Post: Processing Integrity Principle and Criteria Table: Criteria 2.0, 2.1
Published: 2010-10-03T23:53:00.001+09:00 (updated 2010-10-03T23:54:54.820+09:00)
For various reasons, this is my first update in two months. I would like to resume at a gentle pace.
Continuing my unofficial translation of Trust Services Principles, Criteria and Illustrations for Security, Availability, Processing Integrity, Confidentiality, and Privacy (Including WebTrust® and SysTrust®). This time it is Criteria 2.0 and 2.1 of the Processing Integrity Principle and Criteria Table.
Criteria 2.0
Communications: The entity communicates its documented system processing integrity policies to authorized users.
Criteria 2.0 (Japanese translation)
Communications: Documented

Post: Processing Integrity Principle and Criteria Table: Criteria 1.3
Published: 2010-08-01T10:24:00.004+09:00 (updated 2010-08-01T10:25:39.349+09:00)
Continuing my unofficial translation of Trust Services Principles, Criteria and Illustrations for Security, Availability, Processing Integrity, Confidentiality, and Privacy (Including WebTrust® and SysTrust®). This time it is Criteria 1.3 of the Processing Integrity Principle and Criteria Table.
Criteria 1.3
Criteria 1.3 (Japanese translation)
Responsibility and accountability for the entity’s system processing integrity and related system security policies, and changes, updates, and exceptions to those 

Post: Processing Integrity Principle and Criteria Table: Criteria 1.2
Published: 2010-07-23T22:53:00.000+09:00 (updated 2010-07-23T22:53:30.611+09:00)
Continuing my unofficial translation of Trust Services Principles, Criteria and Illustrations for Security, Availability, Processing Integrity, Confidentiality, and Privacy (Including WebTrust® and SysTrust®). This time it is Criteria 1.2 of the Processing Integrity Principle and Criteria Table.
Criteria 1.2
Criteria 1.2 (Japanese translation)
The entity’s system processing integrity and related security policies include, but may not be limited to, the following matters:
Japanese translation: The system processing integrity and related security policies include the following matters (

Post: Processing Integrity Principle and Criteria Table: Criteria 1.0, 1.1
Published: 2010-07-08T22:49:00.003+09:00 (updated 2010-07-08T22:52:11.442+09:00)
Processing Integrity Principle and Criteria Table
Processing Integrity Principle and Criteria Table (Japanese translation)
.24 System processing is complete, accurate, timely, and authorized.
.24 (Japanese translation) System processing is complete, accurate, timely, and authorized.
Criteria 1.0
Policies: The entity defines and documents its policies for the processing integrity of its system.
Criteria 1.0 (Japanese translation)
Policies: Define and document the policies for the processing integrity of the system.
Criteria 1.1
The entity’s processing integrity and related security 

Post: Processing Integrity Principle and Criteria .23
Published: 2010-07-05T22:51:00.002+09:00 (updated 2010-07-05T22:51:35.843+09:00)
Continuing my unofficial translation of Trust Services Principles, Criteria and Illustrations for Security, Availability, Processing Integrity, Confidentiality, and Privacy (Including WebTrust® and SysTrust®). This time it is .23 of the Processing Integrity Principle and Criteria.
.23 Processing integrity differs from data integrity. Processing integrity does not automatically imply that the information stored by the system is complete, 

Post: Processing Integrity Principle and Criteria .22
Published: 2010-06-25T23:27:00.000+09:00 (updated 2010-06-25T23:27:49.904+09:00)
Continuing my unofficial translation of Trust Services Principles, Criteria and Illustrations for Security, Availability, Processing Integrity, Confidentiality, and Privacy (Including WebTrust® and SysTrust®). This time it is .22 of the Processing Integrity Principle and Criteria.
.22 The risks associated with processing integrity are that the party initiating the transaction will not have the transaction completed or the service provided

Post: Processing Integrity Principle and Criteria .21
Published: 2010-06-23T23:59:00.000+09:00 (updated 2010-06-23T23:59:23.334+09:00)
Continuing my unofficial translation of Trust Services Principles, Criteria and Illustrations for Security, Availability, Processing Integrity, Confidentiality, and Privacy (Including WebTrust® and SysTrust®). This time it is .21 of the Processing Integrity Principle and Criteria.
Processing Integrity Principle and Criteria
Processing Integrity Principle and Criteria (Japanese translation)
.21 The processing integrity principle refers to the completeness, accuracy, timeliness, and 

Post: Criteria 4.3
Published: 2010-06-22T21:41:00.002+09:00 (updated 2010-06-22T21:41:51.513+09:00)
Continuing my unofficial translation of Trust Services Principles, Criteria and Illustrations for Security, Availability, Processing Integrity, Confidentiality, and Privacy (Including WebTrust® and SysTrust®). This time it is Criteria 4.3 of the Availability Principle and Criteria Table.
Criteria 4.3
Environmental and technological changes are monitored and their effect on system availability and security is assessed on a timely basis.
Criteria 4.3 (Japanese translation)
Environmental and technological changes are monitored, and their system availability and

Post: Criteria 4.2
Published: 2010-06-21T23:02:00.001+09:00 (updated 2010-06-21T23:05:44.457+09:00)
Continuing my unofficial translation of Trust Services Principles, Criteria and Illustrations for Security, Availability, Processing Integrity, Confidentiality, and Privacy (Including WebTrust® and SysTrust®). This time it is Criteria 4.2 of the Availability Principle and Criteria Table.
Criteria 4.2
There is a process to identify and address potential impairments to the entity’s ongoing ability to achieve its objectives in accordance with its defined system availability 

Post: Criteria 4.0, 4.1
Published: 2010-06-17T23:03:00.001+09:00 (updated 2010-06-21T23:06:43.392+09:00)
Continuing my unofficial translation of Trust Services Principles, Criteria and Illustrations for Security, Availability, Processing Integrity, Confidentiality, and Privacy (Including WebTrust® and SysTrust®). This time it is Criteria 4.0 and 4.1 of the Availability Principle and Criteria Table.
Criteria 4.0
Monitoring: The entity monitors the system and takes action to maintain compliance with its defined system availability policies.
Criteria 4.0 (Japanese translation)
Monitoring: Monitor the system and take maintenance actions that comply with the system availability policies.

Post: Criteria 3.15
Published: 2010-06-16T22:49:00.002+09:00 (updated 2010-06-16T22:49:44.571+09:00)
Continuing my unofficial translation of Trust Services Principles, Criteria and Illustrations for Security, Availability, Processing Integrity, Confidentiality, and Privacy (Including WebTrust® and SysTrust®). This time it is Criteria 3.15 of the Availability Principle and Criteria Table.
Criteria 3.15
Procedures exist to provide that emergency changes are documented and authorized (including after-the-fact approval).
Criteria 3.15 (Japanese translation)
Procedures exist to provide that emergency changes are documented and authorized. (Including after-the-fact approval.)

Post: Criteria 3.14
Published: 2010-06-15T22:46:00.003+09:00 (updated 2010-06-15T22:47:23.052+09:00)
Continuing my unofficial translation of Trust Services Principles, Criteria and Illustrations for Security, Availability, Processing Integrity, Confidentiality, and Privacy (Including WebTrust® and SysTrust®). This time it is Criteria 3.14 of the Availability Principle and Criteria Table.
Criteria 3.14
Procedures exist to provide that only authorized, tested, and documented changes are made to the system.
Criteria 3.14 (Japanese translation)
Procedures exist to provide that only authorized, tested, and documented changes are made.
Illustrative 

Post: Criteria 3.13
Published: 2010-06-14T22:47:00.000+09:00 (updated 2010-06-14T22:47:05.323+09:00)
Continuing my unofficial translation of Trust Services Principles, Criteria and Illustrations for Security, Availability, Processing Integrity, Confidentiality, and Privacy (Including WebTrust® and SysTrust®). This time it is Criteria 3.13 of the Availability Principle and Criteria Table.
Maintainability-related criteria applicable to the system’s availability
Maintainability-related criteria applicable to the system’s availability (Japanese translation)
Criteria 3.13
Procedures exist to maintain system components, including configurations 

Post: Criteria 3.12
Published: 2010-06-12T09:38:00.000+09:00 (updated 2010-06-12T09:38:29.157+09:00)
Note: I was watching the World Cup opening game and forgot to update...
Continuing my unofficial translation of Trust Services Principles, Criteria and Illustrations for Security, Availability, Processing Integrity, Confidentiality, and Privacy (Including WebTrust® and SysTrust®). This time it is Criteria 3.12 of the Availability Principle and Criteria Table.
Criteria 3.12
Procedures exist to provide that personnel responsible for the design, development, implementation, and operation of systems 

Post: Criteria 3.11
Published: 2010-06-10T22:50:00.000+09:00 (updated 2010-06-10T22:50:02.284+09:00)
Continuing my unofficial translation of Trust Services Principles, Criteria and Illustrations for Security, Availability, Processing Integrity, Confidentiality, and Privacy (Including WebTrust® and SysTrust®). This time it is Criteria 3.11 of the Availability Principle and Criteria Table.
Criteria related to the system components used to achieve the objectives
Criteria related to the system components used to achieve the objectives (Japanese translation)
Criteria 3.11
Design, acquisition, implementation, configuration, modification, and

Post: Criteria 3.10
Published: 2010-06-09T22:56:00.000+09:00 (updated 2010-06-09T22:56:39.867+09:00)
Continuing my unofficial translation of Trust Services Principles, Criteria and Illustrations for Security, Availability, Processing Integrity, Confidentiality, and Privacy (Including WebTrust® and SysTrust®). This time it is Criteria 3.10 of the Availability Principle and Criteria Table.
Criteria 3.10
Criteria 3.10 (Japanese translation)
Procedures exist to provide that issues of noncompliance with system availability and related security policies are promptly addressed and that corrective measures

Post: Criteria 3.9
Published: 2010-06-08T22:50:00.000+09:00 (updated 2010-06-08T22:50:36.083+09:00)
Continuing my unofficial translation of Trust Services Principles, Criteria and Illustrations for Security, Availability, Processing Integrity, Confidentiality, and Privacy (Including WebTrust® and SysTrust®). This time it is Criteria 3.9 of the Availability Principle and Criteria Table.
Criteria 3.9
Criteria 3.9 (Japanese translation)
Procedures exist to identify, report, and act upon system availability issues and related security breaches and other incidents.
Japanese translation: Regarding system availability issues and related security breaches and other incidents

Post: Criteria 3.8
Published: 2010-06-04T21:51:00.001+09:00 (updated 2010-06-04T21:53:52.328+09:00)
Continuing my unofficial translation of Trust Services Principles, Criteria and Illustrations for Security, Availability, Processing Integrity, Confidentiality, and Privacy (Including WebTrust® and SysTrust®). This time it is Criteria 3.8 of the Availability Principle and Criteria Table.
Criteria 3.8
Criteria 3.8 (Japanese translation)
Encryption or other equivalent security techniques are used to protect user authentication information and the corresponding session transmitted over the Internet or 

Post: Criteria 3.7
Published: 2010-06-03T22:51:00.001+09:00 (updated 2010-06-03T22:52:27.191+09:00)
Continuing my unofficial translation of Trust Services Principles, Criteria and Illustrations for Security, Availability, Processing Integrity, Confidentiality, and Privacy (Including WebTrust® and SysTrust®). This time it is Criteria 3.7 of the Availability Principle and Criteria Table.
Criteria 3.7
Criteria 3.7 (Japanese translation)
Procedures exist to protect against infection by computer viruses, malicious codes, and unauthorized software.
Japanese translation: Procedures exist to protect against infection by computer viruses, malicious code, and unauthorized software.

Post: Criteria 3.6
Published: 2010-06-02T22:45:00.001+09:00 (updated 2010-06-02T22:46:00.410+09:00)
Continuing my unofficial translation of Trust Services Principles, Criteria and Illustrations for Security, Availability, Processing Integrity, Confidentiality, and Privacy (Including WebTrust® and SysTrust®). This time it is Criteria 3.6 of the Availability Principle and Criteria Table.
Criteria 3.6
Criteria 3.6 (Japanese translation)
Procedures exist to protect against unauthorized logical access to the defined system.
Japanese translation: Procedures exist to protect against unauthorized logical access to the defined system.
Illustrative Controls
Illustrative Controls (Japanese translation)
Login 

Post: Criteria 3.5
Published: 2010-06-01T23:00:00.001+09:00 (updated 2010-06-01T23:01:03.541+09:00)
Continuing my unofficial translation of Trust Services Principles, Criteria and Illustrations for Security, Availability, Processing Integrity, Confidentiality, and Privacy (Including WebTrust® and SysTrust®). This time it is Criteria 3.5 of the Availability Principle and Criteria Table.
Criteria 3.5
Criteria 3.5 (Japanese translation)
Procedures exist to restrict physical access to the defined system including, but not limited to, facilities, backup media, and other system components such as 

Post: e. Restriction of access to system configurations, superuser functionality, master passwords, powerful utilities, and security devices
Published: 2010-05-31T23:01:00.000+09:00 (updated 2010-05-31T23:01:29.009+09:00)
Continuing my unofficial translation of Trust Services Principles, Criteria and Illustrations for Security, Availability, Processing Integrity, Confidentiality, and Privacy (Including WebTrust® and SysTrust®). This time it is "e. Restriction of access to system configurations, superuser functionality, master passwords, powerful utilities, and security devices" from the Availability Principle and Criteria Table.
e. Restriction of access to system configurations, 