Computer Applications and Application Packages (Third Party)

Risks, Vulnerabilities and Threats

  • Lack of adherence to business rules in the flow and lack of accuracy in processing
  • Missing validations of various data inputs
  • Weak access control and authorization processes
  • Inadequate exception handling and logging
  • Excess vendor access
  • Unauthorized access to critical/sensitive data

Control Objectives and Operational Goals

  • Solid workflow charts and documentation
  • Clear error correction documentation
  • Awareness of web application security vulnerabilities
  • First-class staff security training
  • Limit all access to an appropriate need-to-know level
  • Employ web application firewalls
  • Move “shadow” databases (i.e. small duplicate files) to more secure environments
  • Contracts reviewed by IT Management