Scribd Logo
Upload

Welcome to Scribd!

  • Control Analysis: Audit Standard. The

    Uploaded by

    Zayaan Rnb
    4 views4 pages
    This document outlines steps for analyzing security controls for an IT system. It explains that the analysis should document controls corresponding to policy requirements and specify whether each control is currently implemented or planned. It also states that the next step is to match controls to previously identified risks to determine which risks require further response. An example table is provided to list security controls and their status as in place or planned in accordance with relevant standards.

    Original Description:

    ICT

    Original Title

    Control analysis

    Copyright

    © Attribution Non-Commercial (BY-NC)

    Available Formats

    DOCX, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    This document outlines steps for analyzing security controls for an IT system. It explains that the analysis should document controls corresponding to policy requirements and specify whether each control is currently implemented or planned. It also states that the next step is to match controls to previously identified risks to determine which risks require further response. An example table is provided to list security controls and their status as in place or planned in accordance with relevant standards.

    Copyright:

    Attribution Non-Commercial (BY-NC)
    Download as DOCX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    4 views4 pages

    Control Analysis: Audit Standard. The

    Uploaded by

    Zayaan Rnb
    This document outlines steps for analyzing security controls for an IT system. It explains that the analysis should document controls corresponding to policy requirements and specify whether each control is currently implemented or planned. It also states that the next step is to match controls to previously identified risks to determine which risks require further response. An example table is provided to list security controls and their status as in place or planned in accordance with relevant standards.

    Copyright:

    Attribution Non-Commercial (BY-NC)
    Download as DOCX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 4

    CONTROL ANALYSIS

    The purpose of this step is to document a list of security controls used for the IT system. These controls should correspond to the requirements of the Policy, Standard, and Audit Standard. The analysis should also specify whether the control is in-place (i.e., current) or planned, and whether the control is currently enforced. In the next step these controls are matched with the risks identified in Table D, in order to identify those risks that require additional response. Table E is an example of a security controls list that corresponds to the requirements of the Policy, Standard, and Audit Standard. This list shows controls that are in-place, as well as those planned for implementation.

    Geographical Matrix

    Activities are grouped accordingto location. A combination of the functional and divisional.Dual reporting lines

    You might also like