I have a good one for you -- what is the industry definition for "IT Control"...
fifediggity
Member Posts: 3 ■■□□□□□□□□
in Off-Topic
I started looking around and could not find an official this is what IT control mean. Nothing clear from COSO, COBIT. etc.
There is no standard definition for IT control. I can make it up, and say its has to do with IT systems, but I would like to know if there is a industry standard version. This is a tough one!
There is no standard definition for IT control. I can make it up, and say its has to do with IT systems, but I would like to know if there is a industry standard version. This is a tough one!
Comments
-
paul78 Member Posts: 3,016 ■■■■■■■■■■Welcome to TE - just curious, why are you asking?I suspect you aren't finding anything specific because the term isn't intended to be very complicated. "A control is an activity or process that is designed to ensure that a particular objective/goal is met."Example for IT control - you have a server and you have an objective that you are notified if the server is ever unreachable over the network. You can implement a control using an application that monitors access to the server with periodically pings and send you an SMS message if a ping fails.
-
kaiju Member Posts: 453 ■■■■■■■□□□In my opinion IT/IA Controls are the guidelines and standards that provide a secure baseline Information Systems. The NIST pubs listed below will provide more information:NIST SP 800-37NIST SP 800-53NIST SP 800-137Work smarter NOT harder! Semper Gumby!
-
JDMurray Admin Posts: 13,099 AdminI look at "IT Control" as a high-level business category alongside of "Legal Control," "Financial Control," "HR Control," etc.
-
fifediggity Member Posts: 3 ■■□□□□□□□□The issue I'm facing is, how can you define an IT control versus a normal control.
IF there is a clear delineation, like a definition that says this is an IT control, an industry standard version, its kind of nebulous.
All most all controls touch a system these days.
How can you clearly state what the difference is.
The why, is because I perform IT audits, and a high level executive asked a while ago and I never looked it up. -
paul78 Member Posts: 3,016 ■■■■■■■■■■fifediggity said:The why, is because I perform IT audits, and a high level executive asked a while ago and I never looked it up.Hmm... You do audits and you can't identify a control?
-
fifediggity Member Posts: 3 ■■□□□□□□□□That's out of context. Childish and weak. Be better next time.
I can tell you what I think an IT control is. IS there an industry standard...I searched and couldn't find one. Thought this group would know, since their are smart people here. -
JDMurray Admin Posts: 13,099 AdminThere are many frameworks that define the concept of "IT Controls." Have a look at the COBIT framework used to implement regulations like SOX. More leads are to be found in the Wikipedia's page for IT Controls.