October 2022
Intermediate to advanced
398 pages
14h 14m
English
Are controls put in place as stated in the IT security policy framework? Control frameworks such as those from COBIT, NIST, and the International Organization for Standardization (ISO) are useful here. They provide an effective means to assess and document an organization’s implementation of controls. This process is quite effective, especially when the organization’s framework is based on a well-known external framework.
The organization might have mappings of its controls to well-known frameworks. If available, auditors may use these mappings but should verify them first. This should be included in the final report. In addition, it provides the method for conducting the analysis of any gaps. These ...
Read now
Unlock full access