2023 IT Examiner School

Information Security Controls

Administrative Controls support the classic management responsibilities of planning, directing, organizing, and reporting.

Technical Controls involve hardware and application or OS software.

Physical Controls protect against environmental, human, and systemic threats.

Board & Senior Management Responsibilities

• Senior Management is ultimately expected to: • Provide oversight • Provide funding and support • Ensure testing • Prioritize business functions • Establish a common vision/strategy/framework for the enterprise • “Sign-off” on Policy, BIA and other organizational documents.