As an IS auditor, you should be extremely interested in the implementation of information asset protection mechanisms by the client. There are numerous threats that could compromise administrative, physical, and technical controls.
You should understand how these controls have been implemented by the customer and what level of monitoring is occurring. Implementing controls without constant monitoring would be a waste of effort. Without effective monitoring processes, the client would be negligent.
This chapter has covered several technical methods that the CISA is expected to know. Be sure to read this chapter at least twice and study the definitions carefully.