Options

I have a good one for you -- what is the industry definition for "IT Control"...

fifediggityfifediggity Member Posts: 3 ■■□□□□□□□□
in Off-Topic
I started looking around and could not find an official this is what IT control mean. Nothing clear from COSO, COBIT. etc.
There is no standard definition for IT control. I can make it up, and say its has to do with IT systems, but I would like to know if there is a industry standard version. This is a tough one!
· Share on FacebookShare on Twitter

Comments

  • Options
    paul78paul78 Member Posts: 3,016 ■■■■■■■■■■
    edited February 2019
    Welcome to TE - just curious, why are you asking?

    I suspect you aren't finding anything specific because the term isn't intended to be very complicated. "A control is an activity or process that is designed to ensure that a particular objective/goal is met."

    Example for IT control - you have a server and you have an objective that you are notified if the server is ever unreachable over the network. You can implement a control using an application that monitors access to the server with periodically pings and send you an SMS message if a ping fails.
    · Share on FacebookShare on Twitter
  • Options
    kaijukaiju Member Posts: 453 ■■■■■■■□□□
    In my opinion IT/IA Controls are the guidelines and standards that provide a secure baseline Information Systems. The NIST pubs listed below will provide more information:

    NIST SP 800-37
    NIST SP 800-53
    NIST SP 800-137
    Work smarter NOT harder! Semper Gumby!
    · Share on FacebookShare on Twitter
  • Options
    JDMurrayJDMurray Admin Posts: 13,031 Admin
    I look at "IT Control" as a high-level business category alongside of "Legal Control," "Financial Control," "HR Control," etc.

    Forum Admin at www.techexams.net
    --
    LinkedIn: www.linkedin.com/in/jamesdmurray
    Twitter: www.twitter.com/jdmurray
    · Share on FacebookShare on Twitter
  • Options
    fifediggityfifediggity Member Posts: 3 ■■□□□□□□□□
    edited February 2019
    The issue I'm facing is, how can you define an IT control versus a normal control. 
    IF there is a clear delineation, like a definition that says this is an IT control, an industry standard version, its kind of nebulous. 
    All most all controls touch a system these days.
    How can you clearly state what the difference is.
    The why, is because I perform IT audits, and a high level executive asked a while ago and I never looked it up.
    · Share on FacebookShare on Twitter
  • Options
    paul78paul78 Member Posts: 3,016 ■■■■■■■■■■
    fifediggity said:
    The why, is because I perform IT audits, and a high level executive asked a while ago and I never looked it up.
    Hmm... You do audits and you can't identify a control?

    · Share on FacebookShare on Twitter
  • Options
    fifediggityfifediggity Member Posts: 3 ■■□□□□□□□□
    That's out of context. Childish and weak. Be better next time.
    I can tell you what I think an IT control is. IS there an industry standard...I searched and couldn't find one. Thought this group would know, since their are smart people here.
    · Share on FacebookShare on Twitter
  • Options
    JDMurrayJDMurray Admin Posts: 13,031 Admin
    There are many frameworks that define the concept of "IT Controls."  Have a look at the COBIT framework used to implement regulations like SOX. More leads are to be found in the Wikipedia's page for IT Controls.

    Forum Admin at www.techexams.net
    --
    LinkedIn: www.linkedin.com/in/jamesdmurray
    Twitter: www.twitter.com/jdmurray
    · Share on FacebookShare on Twitter
Sign In or Register to comment.