IT CONTROLS
IT Controls: Manual vs Automated
Control activities in an organization can be either manual or IT/automated/programmed.
Manual Control:
Manual controls are executed by people (e.g. authorization, review, reconciliations).
IT/Automated/Programmed Control:
A programmed control is executed by computer software (e.g. validation checks). IT controls are further classified into two types, i.e.
IT General Controls (ITGC)
and IT Application Controls
EXPLANATION
IT general controls are those controls that operate at entity level and relate to all or many applications.
General controls help the effective functioning of application controls by ensuring the continued proper operation of IT systems.
Examples of IT General Controls:
Following are the main categories of IT General Controls:
Controls over system acquisition (to ensure computer-based information systems and applications are developed consistently with the entity's objectives).
Controls over system maintenance (to ensure the system is appropriately updated and changed).
Controls over program changes (to prevent/detect unauthorized program changes).
Access controls (to prevent unauthorized access/alteration to programs and data files).
Controls over data center and computer operations (to ensure continuity of operations).
Controls over data center and computer operations
Security procedures for the protection of equipment against fire, flood, shutdown, theft, or other disaster.
Disaster recovery plan/contingency plan, e.g.
Offsite storage of backup data.
Standby arrangements with a third party to provide "technical support" in the event of disaster.
Insurance coverage for IT infrastructure.
Access controls (over programs and data)
1 - To prevent unauthorized physical access:
Controlled single entry point with visitors' logs.
Door locks with a log-in function (e.g. passwords, access cards, biometrics).
Identification badges.
Alarm & CCTV system.
2 - To prevent unauthorized logical access:
Each user has a unique log-in ID and password (which is difficult to guess and is changed periodically).
There are access rights for every user, which are periodically reviewed (to ensure segregation of duties).
Inactive accounts are disabled after a pre-defined period of non-use (e.g. of terminated employees).
Audit trails and system logs are available for all important activities.
Use of firewalls to prevent unauthorized access via the internet.
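The periodic review of logical access described above (unique log-in IDs, disabling inactive and terminated accounts, checking access rights for segregation of duties) can be run as a script. This is an added example, not part of the original notes; the record layout, the 90-day limit, the role names and the sample accounts are all assumptions constructed for illustration.

```python
from datetime import date, timedelta

INACTIVITY_LIMIT = timedelta(days=90)  # assumed policy value; the notes give no figure
# Assumed role pairs that one person must not hold together
# (the notes' own example: programmer vs. operator).
CONFLICTING_ROLES = [frozenset({"programmer", "operator"})]

# Constructed sample records: (user_id, roles, last_login, employed, enabled)
ACCOUNTS = [
    ("u001", {"operator"}, date(2024, 5, 28), True, True),
    ("u002", {"programmer", "operator"}, date(2024, 5, 30), True, True),
    ("u003", {"programmer"}, date(2024, 1, 10), True, True),
    ("u004", {"operator"}, date(2024, 5, 20), False, True),
    ("u005", {"operator"}, date(2023, 11, 2), False, False),
    ("u001", {"reviewer"}, date(2024, 5, 29), True, True),  # duplicate log-in ID
]

def review_access(accounts, today):
    """Return sorted (user_id, finding) pairs for one periodic access review."""
    findings = set()
    seen = set()
    for user_id, roles, last_login, employed, enabled in accounts:
        if user_id in seen:
            findings.add((user_id, "log-in ID not unique"))
        seen.add(user_id)
        if not enabled:
            continue  # already disabled, nothing further to review
        if not employed:
            findings.add((user_id, "terminated employee still enabled"))
        if today - last_login > INACTIVITY_LIMIT:
            findings.add((user_id, "inactive beyond limit, disable"))
        for pair in CONFLICTING_ROLES:
            if pair <= roles:  # user holds both roles of a conflicting pair
                findings.add((user_id, "segregation of duties conflict"))
    return sorted(findings)

if __name__ == "__main__":
    for user_id, finding in review_access(ACCOUNTS, date(2024, 6, 1)):
        print(f"{user_id}: {finding}")
```

Each finding is itself evidence for the audit trail: keeping the output of every review run shows that the control operated during the period.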
Controls over system acquisition
Use of the System Development Life Cycle for designing, development, and programming of new computer systems.
Full documentation of the new system.
Testing of systems before implementation.
Training of staff before "live" operation of the new system.
The new system should be formally approved by the system users.
Controls over system maintenance
Controls over program changes
Changes to programs should be approved by an appropriate level of management.
There should be segregation of duties between the tasks of the programmer (who writes the program) and the operator (who uses the program).
There should be full documentation of all program changes.
Controls over use of programs and data
Training of computer operators with "Standard Operating Procedures" and "Job preparation" to identify which version of the program should be used.
Supervisors should monitor the activities of staff.
Management should carry out periodic reviews to ensure that the correct versions of programs and correct data files are being used.
Let's discuss other related concepts.
Audit Trail:
An audit trail is the ability of users to trace a transaction through all of its processing stages. An audit trail can be provided by system logs.
System Log:
A log file is a file that records events taking place in the execution of a system. Logs provide necessary information that can help in analyzing and improving the system's performance.
Examples of system logs include:
When staff entered and left the building.
Which user logged in, when and from where.
Unsuccessful log-in attempts.
Who accessed and altered data files.
Changes made to a program: what, when and by whom.
Attempted cyber intrusions.
IT application controls typically operate at a business process level and apply to the processing of transactions in individual applications (e.g. sales or purchases or expenses).
Application controls help to ensure that transactions are properly authorized, accurately processed, and distributed in a timely manner.
Examples of IT Application Controls:
Following are the main categories of IT Application Controls:
Controls over input
Controls over processing
Controls over output
Controls over master file/standing data