Where is the head and tail?




So, I have been asked to undertake security auditing of a financial application, whose source code we have recently acquired. The application is written in D2K with an Oracle backend.

As I understand it, boss wants security procedures laid out before we start to implement this application across our branches in various countries. Also, he doesn't want any haphazard development to start whenever any changes are asked by accounts dept.

How should I start? Well, I can start to outline Change Management procedures that would be followed. Segregation of duties between various levels of developers, quality assurance, app admin etc. That's generic.

Then what? I am a novice when it comes to accounting and finance. Should I define workflows within dept. of accounting? Should I sit with accountants and other users and get deep into various things they do and then look deeply inside each module of this finance application in order to study General Ledgers, Journal Vouchers, Accounts receivables/payables etc.? That would take months!!

Is there any set checklist for such kind of application auditing?
Any/all inputs would be highly appreciated. Please take some time out to enlighten me!!

