Questions and Answers
The objective of this session is to define and explain ______ controls;
general
There are five categories of ______ controls discussed in this session;
general
[Blank] of responsibility is an important organisational control and personnel practice;
Delegation
A ______ committee is an example of organisational control and personnel practice;
[Blank] of duties is essential between development, operations, and security;
Independent review of ______ is crucial in organisational controls and personnel practices;
Personnel practices include issues such as Employing, ______, rotation of duties, training and dismissals/resignations.
The ______ development life cycle includes request submission, needs assessment and selection, planning and design, systems development and testing, implementation, and post-implementation review.
Program ______ controls involve a process similar to the SDLC.
Access controls distinguish between ______ and logical access.
Logical access controls involve ______, authentication, and authorization.
Business continuity controls involve preventative measures such as security policy, ______ access, and logical access.
Operating controls and maintenance are ______ in nature and involve scheduling, standards, and policies.
Detective and corrective measures in business continuity controls include ______ and an emergency recovery plan.
Study Notes
Topic 9: IT General Controls
Organisational Controls and Personnel Practices
- Delegation of responsibility involves a steering committee, CIO, and IT manager
- Segregation of duties is crucial, especially between development, operations, and security
- Reporting, supervision, and review are essential, with independent review of logs being extremely important
- Personnel practices involve considerations such as employing, leave, rotation of duties, training, and dismissals/resignations
Systems Development and Change Controls
- System Development Life Cycle (SDLC) consists of:
  - Request submission, needs assessment, and selection
  - Planning and design
  - Systems development and testing (5 types of testing)
  - Implementation
  - Post-implementation review
- Program change controls should follow a similar process to SDLC
Access Controls
- Distinguish between physical and logical access
- Preventative measures:
  - Security policy
  - Physical access
  - Logical access (ID, Authentication, and Authorisation)
- Detective and corrective measures:
  - Logs, registers, and reports
- Other security controls:
  - Library
  - Communication (Encryption, Firewalls, call-back, anti-virus, and independent certification)
Business Continuity Controls
- Risks can be physical or logical
- Preventative measures:
  - Security policy
  - Physical access
  - Logical access (ID, Authentication, and Authorisation)
- Detective and corrective measures:
  - Back-ups and an emergency recovery plan
  - Insurance
Operating Controls and Maintenance
- Operating controls are technical in nature
- Key aspects include:
  - Scheduling
  - Standards and policies
  - Managing data, programs, and documentation
  - Logs
  - Policies for users
Description
This quiz covers general controls related to the overall computer environment, including organisational controls, system development, business continuity, operating controls, and access controls.