IT SECURITY CONTROLS ASSESSMENT
COMPREHENSIVE IT CONTROLS ASSESSMENT
The Security Control Assessment is the testing and/or evaluation of the management, operational, and technical security controls in an information system to determine the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the security requirements for the system and/or enterprise.
– IT controls are generally grouped into two broad categories:
• General controls commonly include controls over data center operations, system software acquisition and maintenance, logical security, and application system development and maintenance.
• Application controls such as computer matching and edit checks are programmed steps within application software; they are designed to help ensure the completeness and accuracy of transaction processing, authorization, and validity.
– Examples:
• Strong password policy: ITGC
• Encryption of mobile devices: ITGC
• Anomaly detection system: Application
The Methodology
IT security controls consist of perimeter and network security devices such as routers and switches, firewalls, IPS, IDS, e-mail security, WAF, proxy servers, endpoint antivirus, etc.
A thorough assessment of the rules and policies set up on the devices assures you that they are working as intended and follow industry-standard best practices. An IT Controls Assessment is the best way to determine the effectiveness of such controls.