October 2022
Intermediate to advanced
398 pages
14h 14m
English
Across the infrastructure, an audit should focus primarily on the following three objectives:
Examine the existence of relevant and appropriate security policies and procedures.
Verify the existence of controls supporting the policies.
Verify the effective implementation and ongoing monitoring of the controls.
Examining risk and IT controls throughout the IT infrastructure can be complex given the breadth of components across organizations. There are, however, a lot of similarities between different IT departments. It is helpful to define and, if necessary, break up the scope of the audit into manageable areas or domains of security responsibility. Figure 3-1 illustrates these seven domains, ...
Read now
Unlock full access