IT General Control Audit
Primary control areas fall into three categories:
- Technical controls use technology as a basis for controlling the access to and usage of sensitive data throughout a physical structure and over a network.
- Physical controls are security measures implemented in a defined structure to deter or prevent unauthorized access to sensitive material.
- Administrative controls define the human factors of security.
The following are examples of areas where key controls are evaluated by Security Management Partners:
- General Organization
- Vendor Management
- Facility/Physical Security
- Network Configuration and Security Measures
- Security Testing
- Incident Response
- Hardware and Software Inventory
- IT Acquisition
- Maintenance and Patching
- Systems Security
- Information Minimization
- Disaster Recovery—Business Continuity Planning
- Human Resources/Staffing
- Information Security Training/User Education/Awareness Training
- Programming Policies, Procedures, and Standards