Questions and Answers
The objective of this session is to define and explain ______ controls;
general
There are five categories of ______ controls discussed in this session;
general
[Blank] of responsibility is an important organisational control and personnel practice;
Delegation
A ______ committee is an example of organisational control and personnel practice;
[Blank] of duties is essential between development, operations, and security;
Independent review of ______ is crucial in organisational controls and personnel practices;
Personnel practices include issues such as Employing, ______, rotation of duties, training and dismissals/resignations.
The ______ development life cycle includes request submission, needs assessment and selection, planning and design, systems development and testing, implementation, and post-implementation review.
Program ______ controls involve a process similar to the SDLC.
Access controls distinguish between ______ and logical access.
Logical access controls involve ______, authentication, and authorization.
Business continuity controls involve preventative measures such as security policy, ______ access, and logical access.
Operating controls and maintenance are ______ in nature and involve scheduling, standards, and policies.
Detective and corrective measures in business continuity controls include ______ and an emergency recovery plan.
Study Notes
Topic 9: IT General Controls
Organisational Controls and Personnel Practices
- Delegation of responsibility involves a steering committee, CIO, and IT manager
- Segregation of duties is crucial, especially between development, operations, and security
- Reporting, supervision, and review are essential, with independent review of logs being extremely important
- Personnel practices involve considerations such as employing, leave, rotation of duties, training, and dismissals/resignations
Systems Development and Change Controls
- System Development Life Cycle (SDLC) consists of:
  - Request submission, needs assessment, and selection
  - Planning and design
  - Systems development and testing (5 types of testing)
  - Implementation
  - Post-implementation review
- Program change controls should follow a similar process to SDLC
Access Controls
- Distinguish between physical and logical access
- Preventative measures:
  - Security policy
  - Physical access
  - Logical access (ID, Authentication, and Authorisation)
- Detective and corrective measures:
  - Logs, registers, and reports
- Other security controls:
  - Library
  - Communication (Encryption, Firewalls, call-back, anti-virus, and independent certification)
Business Continuity Controls
- Risks can be physical or logical
- Preventative measures:
  - Security policy
  - Physical access
  - Logical access (ID, Authentication, and Authorisation)
- Detective and corrective measures:
  - Back-ups and an emergency recovery plan
  - Insurance
Operating Controls and Maintenance
- Operating controls are technical in nature
- Key aspects include:
  - Scheduling
  - Standards and policies
  - Managing data, programs, and documentation
  - Logs
  - Policies for users
Description
This quiz covers general controls related to the overall computer environment, including organisational controls, system development, business continuity, operating controls, and access controls.