Para 3.22.37 — MSO (Audit)
Original Rule Text
3.22.37 This helps verify the identity and authority of the person desiring to attempt a procedure or an operation. This control is exercised through the use of passwords, signatures, smart cards, cryptographic systems, etc. Such controls ensure that only authorised persons have access to the system for the purpose of entering and/or altering transactions, obtaining information, etc.
- Logical Access control
What This Means
Authorisation controls verify the identity and authority of any person attempting to perform an operation or procedure in the computer system. These controls use passwords, digital signatures, smart cards, or cryptographic systems to ensure that only authorised individuals can access the system, enter or alter transactions, or retrieve information.
This explanation was generated with AI assistance for educational purposes. Always refer to the official gazette notification for authoritative text.
Key Points
1. Authorisation controls verify identity and authority of users
2. Implemented through passwords, signatures, smart cards, and cryptographic systems
3. Ensure only authorised persons can access the system
4. Control who can enter, alter, or delete transactions
5. Also control who can obtain information from the system
Practical Example
In a computerised land registry system, the auditor checks authorisation controls and finds that while individual passwords exist, 8 out of 20 users share passwords with colleagues so they can process work during absences. Two users with data entry roles have been given approval authority passwords 'temporarily' that were never revoked. The auditor recommends strict password policies, prohibition of password sharing, and a quarterly access rights review.
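The access rights review recommended above can be partly automated. The following is an added example, not part of the audit manual or the original page: the user names, role names, workstation IDs and dates are constructed sample data, and treating overlapping sessions on different workstations as a sign of password sharing is an assumed heuristic that needs follow-up, not proof.

```python
from datetime import date, datetime

# Constructed sample data (not from the page): role grants and login sessions.
GRANTS = [
    # (user, role, temporary?, expiry date or None)
    ("asha", "data_entry", False, None),
    ("asha", "approval", True, date(2024, 1, 31)),
    ("ravi", "data_entry", False, None),
    ("ravi", "approval", True, None),  # temporary, but no expiry was recorded
    ("meena", "approval", False, None),
]
SESSIONS = [
    # (account, workstation, login, logout)
    ("meena", "WS-01", "2024-04-02 09:00", "2024-04-02 13:00"),
    ("meena", "WS-07", "2024-04-02 10:30", "2024-04-02 11:15"),  # overlaps WS-01
    ("asha", "WS-03", "2024-04-02 09:00", "2024-04-02 17:00"),
]

def stale_temporary_grants(grants, review_date):
    """Temporary grants with no expiry, or whose expiry passed before the review."""
    return sorted((u, r) for u, r, temp, exp in grants
                  if temp and (exp is None or exp < review_date))

def duty_conflicts(grants, conflicting=("data_entry", "approval")):
    """Users who hold both roles of a conflicting pair (entry and approval)."""
    roles = {}
    for user, role, _, _ in grants:
        roles.setdefault(user, set()).add(role)
    return sorted(u for u, held in roles.items() if set(conflicting) <= held)

def possibly_shared_accounts(sessions):
    """Accounts with time-overlapping sessions on different workstations."""
    fmt = "%Y-%m-%d %H:%M"
    parsed = [(a, w, datetime.strptime(i, fmt), datetime.strptime(o, fmt))
              for a, w, i, o in sessions]
    flagged = set()
    for n, (a1, w1, in1, out1) in enumerate(parsed):
        for a2, w2, in2, out2 in parsed[n + 1:]:
            if a1 == a2 and w1 != w2 and in1 < out2 and in2 < out1:
                flagged.add(a1)
    return sorted(flagged)

if __name__ == "__main__":
    review = date(2024, 4, 30)  # constructed quarterly review date
    print("Stale temporary grants:", stale_temporary_grants(GRANTS, review))
    print("Entry and approval held together:", duty_conflicts(GRANTS))
    print("Possibly shared accounts:", possibly_shared_accounts(SESSIONS))
```

In a real review the two inputs would come from the system's user-role table and its login audit trail, which is also why individual accountability depends on those logs being retained.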
Frequently Asked Questions
What is the difference between authentication and authorisation?
Why are passwords alone not always sufficient?