Scribd
Upload
67 views1 page

Control Answer Comments CT Risk Id CTL ICQ REF Y N

The document contains questions about controls and risk management for IT networks. It asks if network use is monitored for unauthorized access and equipment misuse. It also asks if encryption is used to prevent unauthorized data access over the network. Finally, it inquires about controls to safeguard data and programs from various threats, and arrangements to back up network management software and hardware maintenance.

Uploaded by

h
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
67 views1 page

Control Answer Comments CT Risk Id CTL ICQ REF Y N

The document contains questions about controls and risk management for IT networks. It asks if network use is monitored for unauthorized access and equipment misuse. It also asks if encryption is used to prevent unauthorized data access over the network. Finally, it inquires about controls to safeguard data and programs from various threats, and arrangements to back up network management software and hardware maintenance.

Uploaded by

h
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 1

cipfa-audit-IT-03.

qxd
RISK ICQ CONTROL ANSWER COMMENTS CT
ID CTL REF Y N

10/10/2002
2.3 2.3 Is use of the network monitored to check for unauthorised network 2.3.1
connections and for equipment that is functioning (or being used) 2.3.2
incorrectly?
3.1 3.1 Is encryption used to prevent unauthorised access to data transmitted 3.1.1
over the network? 3.1.2

16:58
3.1.3
3.1.4
3.2 Are controls designed to safeguard data and programs from loss, 3.2.1

Page 401
misuse, theft, damage and accidental or deliberate corruption and 3.2.2
denial of service attacks? 3.2.3
3.2.4
3.2.5
3.3 Are networks designed and built to maximise the effectiveness of data 3.3.1
traffic? 3.3.2
4.1 Are hardware and communication media protected against damage, 4.1.1
malfunction and misuse? Is suitability of locations given due 4.1.2
consideration?
4.2 Do arrangements exist for the maintenance and insurance of hardware, 4.2.1
communications infrastructure, network management software and 4.2.2
consequential loss? 4.2.3
4.2.4
4.2.5
4.3 Are network management software and data files on each file server 4.3.1
and network device backed up regularly and the copies retained in a 4.3.2
safe place? 4.3.3

CONTROL MATRICES
4.4 Do recovery and business continuity arrangements exist in the event of 4.4.1
failure of lines or nodes on the network? 4.4.2
Page 401

You might also like