IT Examiner School, Providence, RI
IT General Controls (Continued)
Information Security Training and Awareness
Employees and agents should receive IT and information security awareness training on a periodic basis. Customer awareness training may help reduce the risk of customers falling victim to criminal activities and may ultimately reduce monetary losses.
Social Engineering Test
Usually performed by external service providers, often in conjunction with a penetration test or other engagement. Tests employees' ability to follow information security policies and procedures and to avoid falling victim to phishing or other attempts to get them to divulge information via email, phone, or the Internet.
Encryption
Laptops should be encrypted, especially if the company allows employees remote access. Employees should have the ability to encrypt email messages that include sensitive information.
Security Information Event Management (SIEM)
Products/services that give management the capabilities to monitor various servers and hardware appliances and applications using a combination of real-time monitoring and notification (security event management) and log retention/data correlation (security information management).
Provides various data security and data monitoring capabilities, including: log aggregation; external threat data; security alerts; forensic evidence retention; and flexible pattern and trend analysis dashboard reports.