22 Apr See Risk and Control Matrix (RACM) Instructions and blank Infrastructure Risk and Control Matrix on the excel. Requirement : choose among INF_01,
See Risk and Control Matrix (RACM) Instructions and blank Infrastructure Risk and Control Matrix on the excel.
Requirement : choose among INF_01, INF_02, INF_03 and INF_04. Just do 1 of these Business Processes. Then do all of the Business Processes from INF_05 through INF_16.
Infrast
| Domain: IT Infrastructure | Date: | |||||||
| Business Process: | Version: | |||||||
| Author: | ||||||||
| Cntrl Nmbr | Business Process | Process Objectives | Risks | Control Activities | Test Procedures | |||
| INF_01 | Server: File & Print Services; User Subdirectories | 1) 2) 3) | 1) 2) 3) | 1) 2) 3) | 1) 2) 3) | Design | General IT Control | |
| 1) 2) 3) | Effective | |||||||
| INF_02 | Server: Domain Name Server (DNS) (Hint: DNS role in LAN) | 1) 2) 3) | 1) 2) 3) | 1) 2) 3) | 1) 2) 3) | Design | General IT Control | |
| 1) 2) 3) | Effective | |||||||
| INF_03 | Server: Application Servers | 1) 2) 3) | 1) 2) 3) | 1) 2) 3) | 1) 2) 3) | Design | General IT Control | |
| 1) 2) 3) | Effective | |||||||
| INF_04 | Server: Database Servers (Hint: Database often deployed on its own severs.) | 1) 2) 3) | 1) 2) 3) | 1) 2) 3) | 1) 2) 3) | Design | General IT Control | |
| 1) 2) 3) | Effective | |||||||
| INF_05 | Storage: On Server | 1) 2) 3) | 1) 2) 3) | 1) 2) 3) | 1) 2) 3) | Design | General IT Control | |
| 1) 2) 3) | Effective | |||||||
| INF_06 | Storage: NAS | 1) 2) 3) | 1) 2) 3) | 1) 2) 3) | 1) 2) 3) | Design | General IT Control | |
| 1) 2) 3) | Effective | |||||||
| INF_07 | Network Switches & Routers | 1) 2) 3) | 1) 2) 3) | 1) 2) 3) | 1) 2) 3) | Design | General IT Control | |
| 1) 2) 3) | Effective | |||||||
| INF_08 | WiFi Access Points | 1) 2) 3) | 1) 2) 3) | 1) 2) 3) | 1) 2) 3) | Design | General IT Control | |
| 1) 2) 3) | Effective | |||||||
| INF_09 | Local Area Network (LAN) | 1) 2) 3) | 1) 2) 3) | 1) 2) 3) | 1) 2) 3) | Design | General IT Control | |
| 1) 2) 3) | Effective | |||||||
| INF_10 | Firewall(s) | 1) 2) 3) | 1) 2) 3) | 1) 2) 3) | 1) 2) 3) | Design | General IT Control | |
| 1) 2) 3) | Effective | |||||||
| INF_11 | Intrusion Protection/ Intrustion Detection (IPS/IDS) | 1) 2) 3) | 1) 2) 3) | 1) 2) 3) | 1) 2) 3) | Design | General IT Control | |
| 1) 2) 3) | Effective | |||||||
| INF_12 | Internet Connection | 1) 2) 3) | 1) 2) 3) | 1) 2) 3) | 1) 2) 3) | Design | General IT Control | |
| 1) 2) 3) | Effective | |||||||
| INF_13 | Desktops & Workstations | 1) 2) 3) | 1) 2) 3) | 1) 2) 3) | 1) 2) 3) | Design | General IT Control | |
| 1) 2) 3) | Effective | |||||||
| INF_14 | Voice Over IP (VOIP) | 1) 2) 3) | 1) 2) 3) | 1) 2) 3) | 1) 2) 3) | Design | General IT Control | |
| 1) 2) 3) | Effective | |||||||
| INF_15 | Back Ups | 1) 2) 3) | 1) 2) 3) | 1) 2) 3) | 1) 2) 3) | Design | General IT Control | |
| 1) 2) 3) | Effective | |||||||
| INF_16 | Cloud Infrastructure (IaaS/PaaS) | 1) 2) 3) | 1) 2) 3) | 1) 2) 3) | 1) 2) 3) | Design | General IT Control | |
| 1) 2) 3) | Effective | |||||||
| INF_17 | unused | 1) 2) 3) | 1) 2) 3) | 1) 2) 3) | 1) 2) 3) | Design | General IT Control | |
| 1) 2) 3) | Effective | |||||||
| INF_18 | EXAMPLE: Data Center (Server Room) containing Servers, Switches, Racks, special IT infrastructure | 1) Protect Physical Assets from loss by theft or damage 2) 3) | 1a) Loss by Theft 1b) Loss by damage 2) 3) | 1a1) Place servers in secure room. 1a2) Place physical Locks on the room to control access. 1a3) Monitor access with CCTV 1b1) Provide adequate A/C to prevent overheating. 1b1) Provide non-water fire suppression to contain fire. 2) 3) (Could use automated access system to control entry which automatically records room entries, including when and who.) | 1a1) Confirm that design is appropriate and adequate. 1a2) Confirm that design is appropriate and adequate. 1a3) Confirm that design is appropriate and adequate. 1b1) Confirm that design is appropriate and adequate. 1b2) Confirm that design is appropriate and adequate. 2) 3) | Design | General IT Control | |
| 1a1) Confirm facility is secure continuously over the period under audit. 1a2) Confirm physical locks are operational and used and not defeated. 1a3) Confirm CCTV is continuously operational and tested periodically. 1b1) Confirm a/c is continually operational and tested periodically. 1b2) Confirm fire suppression system is continuously operational and inspected periodically. 1) Determine if any incidents occurred during the audit period; Determine if the incidents identify any deficiencies. 2) 3) [Note: If access logs are used, review them.] | Effectiveness | |||||||
| INF_19 | 1) 2) 3) | 1) 2) 3) | 1) 2) 3) | 1) 2) 3) | Design | General IT Control | ||
| 1) 2) 3) | Effectiveness | |||||||
| INF_20 | ||||||||
| INF_21 | ||||||||
| INF_22 | ||||||||
| This assignment was completed in compliance with the University's Academic Integrity Policy. This work is entirely my own work written in my own words completely independent of anyone else. /s/ ____________________ | ||||||||
| Other Potential Topics: Cabling, | ||||||||
&"-,Bold"&14IT Auditing and Assurance Infrastructure Risk and Control Matrix
&"-,Bold"&10&Z&F &"-,Bold"&10Page &P of &N &"-,Bold"&10Illustration for Educational Puposes Only
