CHAPTER 3. IT SECURITY CONTROLS
There are few things that can stagger a company more quickly and adversely than the loss of critical software applications and electronic data. A primary responsibility of every controller is to safeguard the enterprise’s assets. As stewards of IT assets, controllers need to thoroughly understand their enterprises’ data-storage and backup decisions and practices, actively participate with IT to determine the most cost-effective data storage and backup plans based on specific data-loss risks, and regularly monitor backup compliance.
Strong administrative and technical IT controls depend on proper physical security controls being in place. In other words, an administrative policy allowing only authorized employee access to the data center does little good without some kind of physical access control.
This chapter includes the following information to help controllers with IT oversight:
Chapter 3. IT Security Controls
IT Security Scope
Roles and Responsibilities
Top 10 IT Security and Physical IT Security Controls
Security and Privacy Awareness Training
IT Governance
Areas of Focus
Key Components of Successful Governance
The COBIT 5 Framework
COBIT 5 and the Business Model for Information Security (BMIS)
Other IT Internal Control Frameworks and Considerations
Breaches Stemming From Mobile Technology
Physical Security
Preventive, Detective, Corrective, and Recovery Security Controls
ISO/IEC 17799:2005
IT Security for ...
Get The Master Guide to Controllers' Best Practices, 2nd Edition now with the O’Reilly learning platform.