ABSTRACT
Within an IT installation, operational controls are in place to implement organizational policy and organization controls. Operations controls focus on protecting data files and programs as well as assuring the security of the computer installation itself. Computer installation controls can be classified as physical security and access controls, environmental controls, software and data security controls, and administrative security controls. Data communications are an integral part of today’s organizations, yet many auditors are not trained sufficiently in analyzing and assessing data communications controls. žis chapter presents an overview of operational processes and provides guidelines for reviewing key control areas.
