The IS auditor’s best recommendation is to ensure that programmers cannot access code after the completion of program edits. This is because programmers who have access to code after editing may introduce unauthorized or malicious changes that could compromise the security, functionality, or performance of the application. By restricting access to code after editing, the organization can ensure that only authorized and tested code is released into production, and prevent any tampering or reoccurrence of the same issue.
[References:, 1 discusses the importance of controlling access to code after editing and testing, and provides some best practices for doing so., 2 explains how programmers can introduce malicious code into applications, and how to prevent and detect such attacks., 3 describes the role of IS auditors in reviewing and assessing the security and quality of application code., , , , , ]
Submit