facility monitoring procedures, 102-103
facility-based controls, data center auditing, 84-85
  access-control systems, 84
  alarm systems, 84-85
  fire-suppression systems, 85
  overview, 84
Fax Service, 145
FCPA (Foreign Corrupt Practices Act of 1977), 307
Federal Deposit Insurance Corporation Act (FDICIA), 328
Federal Financial Institutions Examination Council (FFIEC), 340
field work, 44-45
file security and controls
  See also permissions
  master checklist, 204
  test steps, 182-188
file system layout and navigation, 167-169
File Transfer Protocol (FTP), anonymous, 192-193
finance audit manager, 6
financial auditors, 22-23
financial threats, 361
fire alarms, 84, 96-97
fire suppression, 85, 98-100
firewalls, 116-117, 157
  additional controls, 130-131, 134
  application proxies, 117
  application-level firewalls, 117
  overview, 116-117
  packet-filtering firewalls, 117
  stateful packet inspection (SPI) firewalls, 117
flame sensors, 97
flood elevations, 89
floors, of data center, 91
Foreign Corrupt Practices Act of 1977 (FCPA), 307
formal training, 29
Fport tool, 139, 144, 161
frameworks and standards, 307-325
  Committee of Sponsoring Organizations (COSO), 308-315
    definition of internal control, 309
    enterprise risk management-integrated framework, 311-315
    key concepts of internal control, 309
    overview, 308-309
  Control Objectives for Information and Related Technologies (CoBIT), 315-319
    concepts, 316-317
    connection with COSO, 319
    IT governance, 318-319
    overview, 315
  International Organization for Standardization (ISO) 27001/ISO 17799/BS 7799, 322-323
  IT Infrastructure Library (ITIL®), 319-322
  National Security Agency Infosec Assessment Methodology (NSA IAM), 323-325
    concepts, 323
    on-site activities phase, 324-325
    overview, 323
    post-assessment phase, 325
    pre-assessment phase, 324
  overview, 307-308
  trends, 325
FTP (File Transfer Protocol), anonymous, 192-193