Audit and Assurance

Expand all | Collapse all

BCP TO BE INVOKED DURING THE PANDEMIC COVID – 19 OUTBREAK

  • 1.  BCP TO BE INVOKED DURING THE PANDEMIC COVID – 19 OUTBREAK

    Posted 27 Mar, 2020 00:49
    Dear Members,
    Our Organisation intends to set up a VPN  to enable it's employees to work form home during this Pandemic COVID 19.IAD has been called upon to validate this kind of connection to ensure that there are no security gaps.

    How is it deployed as per IT 

    ''A Mobile Access enabled Security Gateway is setup at the network perimeter that inspects all traffic, including all Mobile Access traffic. IPS and Anti-Virus can be active on all traffic as well.

    A separate virtual local area network will be created for this purpose. Once a remote client connects to the secure web access portal and is fully authenticated, they will be leased an IP address within the VLAN. This VLAN will be allowed access to defined corporate IT services as per business and operations requirements.''

    Below figure show a high-level network diagram for this deployment.



    Key

    1. Internal Services
    2. Security with Mobile Access enabled
    3. SSL Tunnel over Internet
    4. Remote User with an Internet Connection



    Qn
    1. Is the above secure enough.
    2. What are the key things to consider when setting u this network, how can we ensure that the  network is reasonably secure.
    Requesting for your advise

    ------------------------------
    Rita Kobusinge
    MANAGER SYSTEMS AUDIT
    ------------------------------


  • 2.  RE: BCP TO BE INVOKED DURING THE PANDEMIC COVID – 19 OUTBREAK

    Posted 27 Mar, 2020 03:50
    @Rita Kobusinge

    There is a VPN security audit program available in ISACA. Link below.

    https://www.isaca.org/bookstore/internet-and-related-security/wapvpn

    ------------------------------
    Vikram Raghuveer
    Manager-IT and internal audits
    ------------------------------