IS Audit in BSE

BSE has recently introduced IS Audit for IML / Internet Trading System used by its trading members. The Systems Audit is required to be carried out by CISA / DISA / CISSP. The first Systems Audit Report for the year ending 31st March 2007 is required to be submitted by 30th June 2007. We can discuss here the scope & areas covered under the Systems Audit.
Replies (10)
Exactly why do you want to discuss it?
IS Audit is a new field for all the members here. It is being introduced for the first time in BSE. We can share our views & thoughts to enhance our knowledge.
How can we verify if the system uses Secure Sockets Layer (SSL) or a similar session confidentiality protection mechanism? Please suggest the procedure.
If the SSL protocol is being used, the browser will show https:// instead of the usual http:// (s for secure). Another protocol is S-HTTP; both protocols are complementary.
Thanks for your prompt reply. Have you seen the Check List for Systems Audit in BSE? Please see it and then please answer the same query.
SSL relies on certificates - digital identification cards - and keys. Certificates include the name of the certificate authority that issued the certificate, the name of the entity to which the certificate was issued, the entity's public key, and time stamps that indicate the certificate's expiration date. Two types of keys are used as ciphers to encrypt and decrypt data. Private keys are issued to entities and are never given out. Public keys are given out freely. Both keys are necessary for authentication routines. Data encrypted with the public key cannot be decrypted with the same key: the private key must be used. Hence, to check, you have to trace the chain of certificates given to each lower CA (certifying authority) by the higher CA, till the last CA, which self-certifies.
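
An added example, not from any poster in this thread or from the BSE checklist: one way to collect evidence for the SSL check discussed above. `fetch_session` lets Python's default context validate the certificate chain and host name during the handshake, and `audit_findings` reviews the negotiated protocol and certificate dates; the function names, the 30-day threshold and the sample record are assumptions.

```python
import socket
import ssl

WEAK_PROTOCOLS = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}  # deprecated versions

def fetch_session(host, port=443, timeout=5):
    """Handshake with chain and host name verification switched on.
    Raises ssl.SSLError if the chain does not end at a trusted root CA."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return {"protocol": tls.version(), "cipher": tls.cipher()[0],
                    "cert": tls.getpeercert()}

def _name(rdns):
    """Flatten the nested tuples getpeercert() uses for subject/issuer."""
    return {key: value for rdn in rdns for key, value in rdn}

def audit_findings(session, now, min_days_left=30):
    """Return a list of audit observations for one session record.
    `now` is seconds since the epoch (hypothetical parameter for repeatability)."""
    findings = []
    if session["protocol"] in WEAK_PROTOCOLS:
        findings.append(f"deprecated protocol {session['protocol']}")
    cert = session["cert"]
    days_left = (ssl.cert_time_to_seconds(cert["notAfter"]) - now) // 86400
    if days_left < 0:
        findings.append("certificate expired")
    elif days_left < min_days_left:
        findings.append(f"certificate expires in {days_left} days")
    if _name(cert["subject"]) == _name(cert["issuer"]):
        findings.append("server certificate is self-issued")
    return findings

# Constructed sample record in getpeercert() layout (not from a real system).
SAMPLE = {
    "protocol": "SSLv3",
    "cipher": "AES128-SHA",
    "cert": {
        "subject": ((("commonName", "trade.example.test"),),),
        "issuer": ((("commonName", "Example Test CA"),),),
        "notBefore": "Jan 10 00:00:00 2007 GMT",
        "notAfter": "Jun 30 00:00:00 2007 GMT",
    },
}

if __name__ == "__main__":
    audit_date = ssl.cert_time_to_seconds("Jun 15 00:00:00 2007 GMT")
    for finding in audit_findings(SAMPLE, audit_date):
        print(finding)
```

For a live system, pass the result of `fetch_session(host)` to `audit_findings` with `time.time()` as `now`; a handshake that raises `ssl.SSLError` is itself a finding.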
Hi Shivangni great reply.

Let me try and explain my understanding of the SSL system -

The components involved are-
1. The Remote User
2. The SSL Server
3. The Internet

The purpose of the SSL is to authenticate the user. The SSL server maintains a set of Public Keys or CA List (Certifying Authority). The Remote user would have to use the public key and his own digital certificate. The user's public key is validated from the public key list with the SSL. If it doesn't match or it's expired then the process stops.

Digital Signature is created using private keys and public key is utilized to verify its authenticity.

These are just basic aspects but you can generate your own checklist based on the above checkpoints.

If you have this BSE Checklist in soft copy please share it with us on the forum and highlight the areas wherein we need a discussion.

Regards.
Can I have a copy of the BSE IS audit checklist? Please send - gsk12345 @ yahoo.com
Please refer to the circulars dated 17th May and 22nd June 07, from the BSE website.
