Elements of information security management (figure; only the labels survive the extraction):
Figure labels: Professional, Documents, Culture
• Senior management leadership, commitment and support
• Policies and procedures
• Security awareness and education
• Organization
• Information security
• Roles shown: users, external parties, security specialist/advisors, administrator, IT developers, IS auditors
Proactive
• Safeguards: controls that attempt to prevent an incident
Reactive
• Countermeasures: controls that allow the detection, containment and recovery from an incident
Technical controls, also known as logical controls, are provided through the use of technology, a piece of equipment or a device. Examples include firewalls, network- or host-based intrusion detection systems (IDSs), passwords and antivirus software. A technical control requires proper managerial (administrative) controls to operate correctly.
Task 5.1: Evaluate the information security and privacy policies, standards and procedures for completeness, alignment with generally accepted practices and compliance with applicable external requirements.
The Big Picture: The foundation of information security is based on well-aligned security management policies and procedures.
Physical access threats: unauthorized entry, blackmail, embezzlement
Physical access controls: door locks (cipher, bolted, electronic); manual or electronic logging; identification badges; biometric; CCTV
Environmental threats
Power failure
• Total failure (blackout)
• Severely reduced voltage (brownout)
• Sags, spikes and surges
• Electromagnetic interference (EMI)
Water damage/flooding
Manmade concerns
• Terrorist threats/attacks
• Vandalism
• Equipment failure
Environmental controls
• Fire suppression systems
• Fireproof and fire-resistant building and office materials
• Strategically located computer rooms
• Electrical surge protectors
• Uninterruptible power supply/generator
• Power leads from two substations
• Emergency power-off switch
• Documented and tested BCPs and emergency evacuation plans
Task 5.2: Evaluate the design, implementation, maintenance, monitoring and reporting of physical and environmental controls to determine whether information assets are adequately safeguarded.
The Big Picture: Physical security and environmental controls are the first line of defense in protecting assets from loss.
Virtualization
Advantages
• Decreased server hardware costs.
• Shared processing capacity and storage space.
• Decreased physical footprint.
• Multiple versions of the same OS.
Disadvantages
• Inadequate host configuration could create vulnerabilities that affect not only the host, but also the guests.
• Data could leak between guests.
• Insecure protocols for remote access could result in exposure of administrative credentials.
Task 5.3: Evaluate the design, implementation, maintenance, monitoring and reporting of system and logical security controls to verify the confidentiality, integrity and availability of information.
The Big Picture: Evaluation of system security engineering and architecture ensures the foundations for ISM are in place to meet organizational goals and objectives.
Data states: data at rest, data in motion, data in use
Authentication methods
• Logon IDs and passwords
• Tokens
• Biometrics
Risks and controls (table headers only; the cell contents were not recovered)
Task 5.4: Evaluate the design, implementation and monitoring of the data classification processes and procedures for alignment with the organization's policies, standards, procedures and applicable external requirements.
The Big Picture: Data classification, protection and management processes are critical in meeting business and regulatory requirements.
Mobile device and BYOD controls (figure labels)
• Tagging
• Device registration
• Data storage
• Virus detection and control
• Physical security
• Encryption
• Compliance
• Approval
• Due care
• Acceptable use policy
• Secure remote support
• Remote wipe and lock
• BYOD agreement
Task 5.5: Evaluate the processes and procedures used to store, retrieve, transport and dispose of assets to determine whether information assets are adequately safeguarded.
The Big Picture: The IS auditor must understand and be able to evaluate the acceptable methods for data management from creation through destruction.
Network threats
• Hacking
• Malware, viruses and worms
• Denial of service (DoS)
• Fraud
• Network analysis
• Packet replay
• Masquerading
• Eavesdropping
Source: ISACA, CISA Review Manual, 26th Edition, figures 5.11 and 5.12
Computer access violations logging and reporting
• The IS auditor should attempt to access computer transactions or data for which access is not authorized. The unsuccessful attempts should be identified on logging and security reports.
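One way to carry out the check above in practice, as an added example that is not part of the review material: the auditor keeps a record of the unauthorized access attempts made during the test, then compares it with the system's access log to confirm every attempt was recorded as denied. The log format, user names and object names below are constructed for the example.

```python
import re

# Constructed sample of an application access log (not from any real system).
SAMPLE_LOG = """\
2024-03-04T09:12:01 user=jdoe action=READ object=PAYROLL_TXN result=DENIED
2024-03-04T09:12:05 user=jdoe action=READ object=HR_CONTRACTS result=DENIED
2024-03-04T09:13:10 user=asmith action=READ object=HR_CONTRACTS result=ALLOWED
2024-03-04T09:14:22 user=jdoe action=WRITE object=GL_JOURNAL result=DENIED
2024-03-04T09:15:00 user=jdoe action=READ object=TEAM_CALENDAR result=ALLOWED
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) action=(?P<action>\S+) "
    r"object=(?P<obj>\S+) result=(?P<result>\S+)$"
)


def parse_log(text):
    """Parse log lines into dicts; lines that do not match the format are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            events.append(m.groupdict())
    return events


def access_violations(events, user):
    """Return the (action, object) pairs the given user was denied, in log order."""
    return [(e["action"], e["obj"]) for e in events
            if e["user"] == user and e["result"] == "DENIED"]


def unlogged_attempts(events, user, attempted):
    """Compare the auditor's record of test attempts with what the log shows.

    Any attempt missing from the log is a logging/reporting gap to raise as a finding."""
    logged = set(access_violations(events, user))
    return [a for a in attempted if a not in logged]


# The auditor's own record of the unauthorized attempts made during the test (constructed).
ATTEMPTED = [("READ", "PAYROLL_TXN"), ("READ", "HR_CONTRACTS"),
             ("WRITE", "GL_JOURNAL"), ("DELETE", "AUDIT_TRAIL")]

if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    print("denied attempts on report:", access_violations(evs, "jdoe"))
    print("attempts missing from log:", unlogged_attempts(evs, "jdoe", ATTEMPTED))
```

In the sample, the DELETE attempt on AUDIT_TRAIL never appears in the log, which is exactly the kind of gap the auditor is looking for.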
Computer forensics phases
Identify
• Refers to the identification of information that is available and might form the evidence of an incident
Preserve
• Refers to the practice of retrieving identified information and preserving it as evidence
Analyze
• Involves extracting, processing and interpreting the evidence
Present
• Involves a presentation to the various audiences, such as management, attorneys, court, etc.
Additional Discovery
Reporting
Task 5.6: Evaluate the information security program to determine its effectiveness and alignment with the organization's strategies and objectives.
The Big Picture: The information security program is the Alpha and the Omega for the organization to realize system confidentiality, integrity and availability.