LIVE GST Certification Course by CA Arun Chhajer begins 27th April. Register Now!!

IS Audit in BSE

Vinod Kashyap (XBRL Training) (451 Points)

04 June 2007

BSE has recently introduced IS Audit for IML / Internet Trading System used by its trading members. The Systems Audit is required to be carried out by CISA / DISA / CISSP. The first Systems Audit Report for the year ending 31st March 2007 is required to be submitted by 30th June 2007. We can discuss here about the scope & areas covered under the Systems Audit.

Reply
Follow
Share

10 Replies

Shivangni Sharma (Chartered Accountant) (28 Points)
Replied 09 June 2007

Exactly why do you want to discuss it?

Vinod Kashyap (XBRL Training) (451 Points)
Replied 10 June 2007

IS Audit is a new field for all the members here. It is being introduced for the first time in BSE. We can share our views & thoughts to enhance our knowledge.

Vinod Kashyap (XBRL Training) (451 Points)
Replied 19 June 2007

How can we verify if the system uses Secured Socket Layer ( SSL ) or similar session confidentiality protection mechanism ? Please suggest the procedure.

Shivangni Sharma (Chartered Accountant) (28 Points)
Replied 19 June 2007

If SSL protocol is being used the browser will have https:// instead of the usual https:// (s for secure), another protocol uses S-HTTP both the protocols are complimentary

Vinod Kashyap (XBRL Training) (451 Points)
Replied 19 June 2007

Thanks for your prompt reply. Have you seen the Check List for Systems Audit in BSE ? Plz see it & then plz ans. the same query.

Shivangni Sharma (Chartered Accountant) (28 Points)
Replied 19 June 2007

SSL relies on certificates - digital identification cards - and keys. Certificates include the name of the certificate authority that issued the certificate, the name of the entity to which the certificate was issued, the entity's public key, and time stamps that indicate the certificate's expiration date. Two types of keys are used as ciphers to encrypt and decrypt data. Private keys are issued to entities and are never given out. Public keys are given out freely. Both keys are necessary for authentication routines. Data encrypted with the public key cannot be decrypted with the same key: The private key must be used. Hence to check, you have to trace the chain of certificates given to each lower CA (cetifiying authority)by higher CA till the lass CA which self certifies.

The One (379 Points)
Replied 23 June 2007

Hi Shivangni great reply.

Let me try and explain my understanding of the SSL system -

The components involved are-
1. The Remote User
2. The SSL Server
3. The Internet

The purpose of the SSL is to authenticate the user. The SSL server maintains a set of Public Keys or CA List (Certifying Authority). The Remote user would have to use the public key and his own digital certificate. The user's public key is validated from the public key list with the SSL. If it doesn't match or its expired then the process stops.

Digital Signature is created using private keys and public key is utilized to verify its authenticity.

These are just basic aspects but you can generate your own checklist based on the above checkpoints.

If you have this BSE Checklist in soft copy please share it with us on the forum and highlight the areas wherein we need a discussion.

Regards.