IT General Controls: Computer Environment

14 Questions

The objective of this session is to define and explain ______ controls.

general

There are five categories of ______ controls discussed in this session.

general

______ of responsibility is an important organisational control and personnel practice.

Delegation

A ______ committee is an example of organisational control and personnel practice.

Steering

______ of duties is essential between development, operations, and security.

Segregation

Independent review of ______ is crucial in organisational controls and personnel practices.

logs

Personnel practices include issues such as employing, ______, rotation of duties, training, and dismissals/resignations.

leave

The ______ development life cycle includes request submission, needs assessment and selection, planning and design, systems development and testing, implementation, and post-implementation review.

Systems

Program ______ controls involve a process similar to the SDLC.

change

Access controls distinguish between ______ and logical access.

physical

Logical access controls involve ______, authentication, and authorization.

ID

Business continuity controls involve preventative measures such as security policy, ______ access, and logical access.

physical

Operating controls and maintenance are ______ in nature and involve scheduling, standards, and policies.

technical

Detective and corrective measures in business continuity controls include ______ and an emergency recovery plan.

back-ups

Study Notes

Topic 9: IT General Controls

Organisational Controls and Personnel Practices

  • Delegation of responsibility involves a steering committee, CIO, and IT manager
  • Segregation of duties is crucial, especially between development, operations, and security
  • Reporting, supervision, and review are essential, with independent review of logs being extremely important
  • Personnel practices involve considerations such as employing, leave, rotation of duties, training, and dismissals/resignations

Systems Development and Change Controls

  • System Development Life Cycle (SDLC) consists of:
    • Request submission, needs assessment, and selection
    • Planning and design
    • Systems development and testing (5 types of testing)
    • Implementation
    • Post-implementation review
  • Program change controls should follow a similar process to SDLC

Access Controls

  • Distinguish between physical and logical access
  • Preventative measures:
    • Security policy
    • Physical access
    • Logical access (ID, Authentication, and Authorisation)
  • Detective and corrective measures:
    • Logs, registers, and reports
  • Other security controls:
    • Library
    • Communication (Encryption, Firewalls, call-back, anti-virus, and independent certification)

Business Continuity Controls

  • Risks can be physical or logical
  • Preventative measures:
    • Security policy
    • Physical access
    • Logical access (ID, Authentication, and Authorisation)
  • Detective and corrective measures:
    • Back-ups and an emergency recovery plan
    • Insurance

Operating Controls and Maintenance

  • Operating controls are technical in nature
  • Key aspects include:
    • Scheduling
    • Standards and policies
    • Managing data, programs, and documentation
    • Logs
    • Policies for users

This quiz covers general controls related to the overall computer environment, including organisational controls, system development, business continuity, operating controls, and access controls.
