Abstract
M.Com. (Computer Auditing)
The need to evaluate today's complex computer environments from an audit
perspective has increased, particularly in viewof the disappearance of a paper audit
trail and the inefficiencies of auditing "around" the computer in these environments.
By making use of the Access Path and the Path Context Models, it was possible to
carry out an evaluation of the MVS/XA environment. This evaluation was carried
out using the methodology developed in this research essay. This methodology may
have universal applicability in the evaluation of computer security.
The concept of each layer in the access path being a "net", which only allows
authorised users to drop to the next layer, was applied. It was found that each
systems software component had sufficient facilities to meet the control objectives.
The operating system itself, however, was found to present the installation with more
risk factors than controls.
It was therefore concluded that an external access control software package needs
to be implemented to supplement the controls in this environment, if the control
objectives are to be met. It was also concluded that the implementation of this
package would not, in itself, solve all the security issues, and that the matrices
developed should be used in the implementation of this package. This is a further
indication of the usefulness of the model and the methodology. The applicability of
the Access Path and the Path Context Models in the evaluation of the predefined
environment has therefore been established.