IT Examiner School, Palm Springs, CA

First page Table of contents Previous page 54 Next page Last page

Types of IT Audits

Internal Audits/ Certifications

IT General Controls

Penetration Tests

Vulnerability Assessments

Statement on Standards for Attestation Engagements (SSAE‐16/18)

IT General Controls (ITGC)

• Logical access controls over infrastructure, applications, and data • System development life cycle controls • Program change management controls • Data center physical controls • System and data back‐up and recovery controls • Computer operation controls

ITGC:

ITGCs should be performed annually

Made with FlippingBook - professional solution for displaying marketing and sales documents online