Monitoring the Status of Controls
Your job as a CISA is to evaluate an organization’s internal controls. Internal controls are required during the normal processing at every computer terminal or computer workstation. Without proper controls, a minor error could become a major outage.
We discuss a series of security controls in this Study Guide. In Chapter 7, we discuss specific security controls for protecting information assets. For now, let’s visit controls that apply to IT service delivery:
- System monitoring
- Log management
- System access controls
- Data file controls
- Application processing controls
- Antivirus software
- Active content and mobile software code
- Maintenance controls, including change management
- Separate test environment
- Physical and ...