IT Examiner School, Seaside, CA

IT General Controls Audit

Purpose  The IT General Controls audit is designed to test IT internal controls to ensure that they are operating effectively. Scope  Logical access controls over infrastructure, applications, and data

 System development life cycle controls  Program change management controls  Data center physical controls  System and data back-up and recovery controls  Computer operation controls  Disaster Recovery/Business Continuity Planning

Vulnerability Assessment vs Penetration Tests High-level comparison:

 Vulnerability Assessments- identify network vulnerabilities/weaknesses

 Penetration Tests- subject a network or networks to “real life” cyber events internally and externally

 Both Vulnerability and Penetration tests are often performed by external audit entities. This helps provide technical expertise and independence.