ABSTRACT

Evaluating IT solutions with appropriate cybersecurity control over information assets requires a detailed understanding of security principles and practices. Confidentiality, integrity, and availability are information security principles. Regarding practices, usable information should provide accurate and complete disclosure of available data while maintaining expected confidentiality. Information integrity and reliability are necessary for decisions that affect entity operational costs. Moreover, where there is an undue focus on compliance, an entity’s IAP risk analysis can distort risk priorities and agendas, convey a false sense of security, and permit mistakes in resource allocation. Assessing Cyber Security Governance (CSG) is a critical audit service element that contributes to an entity’s access management, network infrastructure, risk analysis, technological environment controls, and protection of confidential information assets. Chapter 8 presents how to apply important IT audit methods from a system perspective when examining CSG operational processes.