Para 3.22.39 — MSO (Audit)

MSO (Audit)mso-audit

3.22.39 These controls can also be used to restrict the use of powerful systems utilities, such as file editors. Logical access controls are often used with physical access controls to reduce the risk of the program and data files being amended unauthorisedly. The importance of logical access controls is increased where physical access controls are less effective as, for instance, when computer systems make use of communication networks such as Local Area and Wide Area Networks (LANs and WANs). The existence of adequate logical access security is particularly important where a client makes use of wide area networks and global facilities such as the Internet.

What This Means

Logical access controls can also restrict the use of powerful system utilities like file editors that could be used to modify data directly. They work alongside physical access controls for greater security. Logical access controls become especially important when physical controls are less effective — such as when systems are connected to Local Area Networks (LANs), Wide Area Networks (WANs), or the Internet, where remote access makes physical controls less relevant.

This explanation was generated with AI assistance for educational purposes. Always refer to the official gazette notification for authoritative text.

Key Points

1Logical controls can restrict use of powerful system utilities (e.g., file editors)
2They complement physical access controls for stronger overall security
3Importance increases when physical controls are less effective
4Networked systems (LANs, WANs) require stronger logical access controls
5Internet-connected systems need especially robust logical access security
6Combined physical and logical controls reduce risk of unauthorised data amendments

Practical Example

A government department's e-procurement portal is accessible over the Internet for vendor registrations. Since physical access controls are irrelevant for remote users, the auditor focuses on logical access controls: multi-factor authentication for bid submission, encrypted data transmission, role-based access (vendors can only see their own bids), and restriction of file editor utilities to a single database administrator. They find that the file editor utility is accessible to 5 IT staff, any of whom could directly modify bid amounts in the database.

This explanation was generated with AI assistance for educational purposes. Always refer to the official gazette notification for authoritative text.

Frequently Asked Questions

Why are file editor utilities a security concern?▼

File editors can directly modify data files bypassing all application-level controls, validations, and audit trails. If an unauthorised person accesses a file editor, they could change financial data — such as payment amounts or vendor details — without any record of the change.

How do networks increase the need for logical access controls?▼

Networks allow remote access from outside the physical premises, making physical security measures (locked rooms, guards) less effective. Logical access controls — passwords, encryption, firewalls, intrusion detection — become the primary defence against unauthorised access over networks.

This explanation was generated with AI assistance for educational purposes. Always refer to the official gazette notification for authoritative text.

Para 3.22.39 — MSO (Audit)

Original Rule Text

What This Means

Key Points

Practical Example

Frequently Asked Questions

Related Rules