I have a good one for you -- what is the industry definition for "IT Control"...

I started looking around and could not find an official this is what IT control mean. Nothing clear from COSO, COBIT. etc.
There is no standard definition for IT control. I can make it up, and say its has to do with IT systems, but I would like to know if there is a industry standard version. This is a tough one!

Find more posts tagged with

SAVE $250 on Your Boot Camp — Use Code "EXAM26"

Exclusively for TechExams members for Infosec Boot Camps starting before April 30, 2026

View Boot Camps

Comments

paul78

Welcome to TE - just curious, why are you asking?

I suspect you aren't finding anything specific because the term isn't intended to be very complicated. "A control is an activity or process that is designed to ensure that a particular objective/goal is met."

Example for IT control - you have a server and you have an objective that you are notified if the server is ever unreachable over the network. You can implement a control using an application that monitors access to the server with periodically pings and send you an SMS message if a ping fails.

kaiju

In my opinion IT/IA Controls are the guidelines and standards that provide a secure baseline Information Systems. The NIST pubs listed below will provide more information:

NIST SP 800-37

NIST SP 800-53

NIST SP 800-137

JDMurray

I look at "IT Control" as a high-level business category alongside of "Legal Control," "Financial Control," "HR Control," etc.

fifediggity

The issue I'm facing is, how can you define an IT control versus a normal control.
IF there is a clear delineation, like a definition that says this is an IT control, an industry standard version, its kind of nebulous.
All most all controls touch a system these days.
How can you clearly state what the difference is.
The why, is because I perform IT audits, and a high level executive asked a while ago and I never looked it up.

paul78

fifediggity said:

The why, is because I perform IT audits, and a high level executive asked a while ago and I never looked it up.

Hmm... You do audits and you can't identify a control?

fifediggity

That's out of context. Childish and weak. Be better next time.
I can tell you what I think an IT control is. IS there an industry standard...I searched and couldn't find one. Thought this group would know, since their are smart people here.

JDMurray

There are many frameworks that define the concept of "IT Controls." Have a look at the COBIT framework used to implement regulations like SOX. More leads are to be found in the Wikipedia's page for IT Controls.