Browse Information Systems and Controls (ISC)
-
-
- 3.1 COSO Internal Control – Integrated Framework: Relevance to Information Systems
- 3.2 COSO ERM for IT: Risk Management Across Digital Environments
- 3.3 COBIT 2019 Overview: Governance System Principles and Components
- 3.4 Other Influential Standards and Regulations (e.g., PCI DSS, HIPAA, GDPR)
- 3.5 ITIL and IT Service Management Overviews
-
-
- 10.1 Change Control Concepts: Policies and Procedures
- 10.2 Environments and Testing (Development, QA/Staging, Production)
- 10.3 Patch Management: Risks and Controls
- 10.4 Continuous Integration and Continuous Deployment in Modern DevOps
- 10.5 Systems Development Life Cycle (SDLC): Waterfall vs. Agile/DevOps
-
-
-
-
-
Chapter 21: Testing Security, Confidentiality, and Privacy Controls
In this section
-
Types of Security Assessments (Vulnerability Scans, Penetration Testing)
Explore how vulnerability scanning and penetration testing help organizations identify and mitigate security threats, including essential scope definition, best practices, and case studies relevant to CPA professionals.
-
Gathering Evidence of Control Operation
Learn how to gather reliable and reproducible audit evidence through inquiry, observation, inspection, and re-performance to validate the effectiveness of security, confidentiality, and privacy controls.
-
Remediation Tracking and Ongoing Monitoring
Learn how to effectively oversee risk resolution, track remediation efforts to closure, and establish continuous monitoring frameworks in compliance with IT and security standards.
-
Documenting Findings in Audit or Advisory Reports
Learn how to clearly, consistently, and effectively document findings in audit or advisory reports by emphasizing risk categorization, business context, and actionable recommendations.
