Security Controls and Technology Management
Improvement and enhancement of system controls through expert gap analysis
The key tasks of Security and Technology Management begin with identifying desirable system controls as defined and documented. Implemented system controls are then reviewed by conducting a comprehensive audit of current information systems, identifying the controls implemented, and evaluating the effectiveness and completeness of those controls. Next comes a Gap Analysis of the controls, which consists of identifying gaps in the controls implemented and the potential weaknesses. Finally, recommendations and solutions are presented for improvement and enhancement of the system controls. This essentially involves the following two methods.
Business Process Controls & Compliance Management: the method for business process controls includes the following:
- Control Objectives: Identify and agree on control objectives
- Controls Defined: Define system and application controls to be implemented
- Control Risks: Identify and assess potential risks arising from the absence of controls
- Control Techniques: Define methods of implementing controls
- Control Framework: Define a framework to monitor controls
Technology Infrastructure Security: the method for assessing technology infrastructure security includes the following:
- Application Security: What level of security does the application provide, and how effective is it?
- Platform Security: What are the potential weaknesses in the OS?
- Network Security: How secure is the internal data network, and what are the potential risks to the application?
- Physical Security: Who has access to the system and backup data?
- Data Store Security: What level of security is implemented for the databases and files?
- Operational Sustainability: How practical will the controls be?