CISA: Controls

From Glitchdata


Auditing adds several extra controls such as:


Compensating Controls

  • Compensating controls are used to mitigate risk when proper controls are not feasible or practical.
    • Example: verifying that only approved program changes are implemented. In a small organization, it may not be feasible to hire new staff, which is why a compensating control may be necessary.
    • Verifying program changes has roughly the same effect as that intended by full segregation of duties.
  • Duties performed by the DBA should exclude deleting database activity logs.
    • Because database activity logs record activities performed by the database administrator (DBA), deleting them should be performed by an individual other than the DBA. This is a compensating control that helps ensure an appropriate segregation of duties and is associated with the DBA’s role.

