Question
Complete the attached RACM (Risk and Control Matrix ? Infrastructure). This schedule focuses on the risks and controls associated with Infrastructure, which is part of
Complete the attached RACM (Risk and Control Matrix ? Infrastructure). This schedule focuses on the risks and controls associated with Infrastructure, which is part of COSO?s General IT Controls.
UCR IT Auditing and Assurance (MGT278B) Risk and Control Matrix Domain: Infrastructure Control Nmbr Business Process Process Objectives 1) INF_01 Servers (in general) 2) 3) 1) Server - Domain Name INF_02 2) Server 3) 1) 2) 3) 1) 2) 3) 1) 2) 3) 1) 2) 3) 1) 2) 3) 1) 2) 3) 1) 2) 3) 1) 2) 3) 1) 2) 3) 1) Server - Database 2) Servers 3) 1) Storage (on Server) 2) 3) 1) Storage (on Network 2) NAS) 3) 1) Network Switches & 2) Routers 3) 1) WiFi Access Points 2) 3) 1) Local Area Network 2) (LAN) 3) 1) Firewall(s) 2) 3) 1) Internet Connection 2) 3) 1) Cabling 2) 3) 1) Workstations 2) 3) 1) Photocopiers 2) 3) 1) 2) 3) 1) 2) 3) 1) 2) 3) 1) 2) 3) 1) 2) 3) 1) 2) 3) 1) 2) 3) 1) 2) 3) 1) 2) 3) 1) 2) 3) 1) 2) 3) 1) 2) 3) 1) 2) 3) 1) 2) 3) 1) 2) 3) 1) 2) 3) 1) 2) 3) 1) 2) 3) 1) 2) 3) 1) 2) 3) 1) 2) 3) 1) 2) 3) 1) 2) 3) 1) 2) 3) 1) 2) 3) 1) 2) 3) 1) 2) 3) 1) 2) 3) 1) 2) 3) 1) 2) 3) 1) 2) 3) 1) 2) 3) 1) 2) 3) 1) 2) 3) 1) 2) 3) 1) 2) 3) Subdirectories Server - Engineering INF_04 File Server (contains Intellectual Property) INF_07 INF_08 INF_09 INF_10 INF_11 INF_12 INF_13 INF_14 INF_15 INF_16 Test Procedures 1) 2) 3) 1) 2) 3) Server - General File INF_06 Control Activities 1) 2) 3) 1) 2) 3) INF_03 Services - User INF_05 Risks 1) 2) 3) 1) 2) 3) Server - Application Servers file:///var/filecabinet/temp/converter_assets/2b/5a/qattachments_2b5a05079aba0b3bc993c5c5150e114b602dc96b.xlsx Page 1 of 2 UCR IT Auditing and Assurance (MGT278B) Risk and Control Matrix Domain: Infrastructure Control Nmbr Business Process Process Objectives Risks Control Activities 1) 2) 3) 1) 2) 3) "Server Room" containing Servers, INF_19 Switches, Racks, special IT infrastructure 1) 2) 3) Restrict Physical Access 1) 2) 1) 3)a) Lock on Data Center entrance. 2) 3)b) Access Log for recording who entered 3) Unathorized physical access to Data Center when. Company Servers (Could use automated access system to control entry which automatically records room entries; when and who.) 1) 2) 3)a) Confirm locks are present and operational. 3)b) Confirm Entrance Log is maintained. INF_20 Data Center 1) 2) 3) 1) 2) 3) 1) 2) 3) INF_17 Voice Over IP (VOIP) INF_18 Back Ups 1) 2) 3) 1) 2) 3) Test Procedures 1) 2) 3) 1) 2) 3) 1) 2) 3) INF_21 INF_22 INF_23 INF_24 file:///var/filecabinet/temp/converter_assets/2b/5a/qattachments_2b5a05079aba0b3bc993c5c5150e114b602dc96b.xlsx Page 2 of 2 1) 2) 3) 1) 2) 3) Step by Step Solution
There are 3 Steps involved in it
Step: 1
Get Instant Access to Expert-Tailored Solutions
See step-by-step solutions with expert insights and AI powered tools for academic success
Step: 2
Step: 3
Ace Your Homework with AI
Get the answers you need in no time with our AI-driven, step-by-step assistance
Get Started
Financial Accounting
Authors: Robert Kemp, Jeffrey Waybright
3rd Edition
133427889, 978-0133427882
