I have a good one for you -- what is the industry definition for "IT Control"...

fifediggityfifediggity Member Posts: 3 ■■□□□□□□□□
I started looking around and could not find an official this is what IT control mean. Nothing clear from COSO, COBIT. etc.
There is no standard definition for IT control. I can make it up, and say its has to do with IT systems, but I would like to know if there is a industry standard version. This is a tough one!


  • paul78paul78 Member Posts: 3,016 ■■■■■■■■■■
    edited February 2019
    Welcome to TE - just curious, why are you asking?

    I suspect you aren't finding anything specific because the term isn't intended to be very complicated. "A control is an activity or process that is designed to ensure that a particular objective/goal is met."

    Example for IT control - you have a server and you have an objective that you are notified if the server is ever unreachable over the network. You can implement a control using an application that monitors access to the server with periodically pings and send you an SMS message if a ping fails.
  • kaijukaiju Member Posts: 453 ■■■■■■■□□□
    In my opinion IT/IA Controls are the guidelines and standards that provide a secure baseline Information Systems. The NIST pubs listed below will provide more information:

    NIST SP 800-37
    NIST SP 800-53
    NIST SP 800-137
    Work smarter NOT harder! Semper Gumby!
  • JDMurrayJDMurray Admin Posts: 13,025 Admin
    I look at "IT Control" as a high-level business category alongside of "Legal Control," "Financial Control," "HR Control," etc.
  • fifediggityfifediggity Member Posts: 3 ■■□□□□□□□□
    edited February 2019
    The issue I'm facing is, how can you define an IT control versus a normal control. 
    IF there is a clear delineation, like a definition that says this is an IT control, an industry standard version, its kind of nebulous. 
    All most all controls touch a system these days.
    How can you clearly state what the difference is.
    The why, is because I perform IT audits, and a high level executive asked a while ago and I never looked it up.
  • paul78paul78 Member Posts: 3,016 ■■■■■■■■■■
    The why, is because I perform IT audits, and a high level executive asked a while ago and I never looked it up.
    Hmm... You do audits and you can't identify a control?

  • fifediggityfifediggity Member Posts: 3 ■■□□□□□□□□
    That's out of context. Childish and weak. Be better next time.
    I can tell you what I think an IT control is. IS there an industry standard...I searched and couldn't find one. Thought this group would know, since their are smart people here.
  • JDMurrayJDMurray Admin Posts: 13,025 Admin
    There are many frameworks that define the concept of "IT Controls."  Have a look at the COBIT framework used to implement regulations like SOX. More leads are to be found in the Wikipedia's page for IT Controls.
Sign In or Register to comment.