Question $1115$ Marks

You have completed your IA learnership and enjoyed the ICT module. You recently joined the internal audit team at a large bank as part of the IT audit team. You have been tasked with auditing logical access controls. This is the first time that you will be auditing logical access. Although your supervisor will be joining you in the discussion with the IT administrator, you will be leading the discussion. In preparation for your meeting with the client you have decided to prepare, and over and above having a list of questions to ask you also did some research on what types of controls to expect.

Required:

a$.$ Which password controls would you expect to find when employees logon to banking applications? Also explain why your expectations may differ from good practice guidelines.

$(10$ marks$)$

b$.$ The bank uses two$-$factor authentication when clients use on$-$line banking. Explain what two$-$factor authentication is and how the bank could have implemented it$.$