Monitoring the Status of Controls

Your job as a CISA is to evaluate an organization’s internal controls. Internal controls are required during the normal processing at every computer terminal or computer workstation. Without proper controls, a minor error could become a major outage.

We discuss a series of security controls in this Study Guide. In Chapter 7, we discuss specific security controls for protecting information assets. For now, let’s visit controls that apply to IT service delivery:

  • System monitoring
  • Log management
  • System access controls
  • Data file controls
  • Application processing controls
  • Antivirus software
  • Active content and mobile software code
  • Maintenance controls, including change management
  • Separate test environment
  • Physical and ...

Get CISA® Certified Information Systems Auditor®: Study Guide, Third Edition now with the O’Reilly learning platform.

O’Reilly members experience live online training, plus books, videos, and digital content from nearly 200 publishers.