Response

Correction

Detection

Monitoring

IS department.

security committee.

security administrator.

board of directors.

this lack of knowledge may lead to unintentional disclosure of sensitive information.

information security is not critical to all functions.

IS audit should provide security training to the employees.

the audit finding will cause management to provide continuous training to staff.

outsourcing the IS function.

implementing and enforcing good processes.

hiring personnel willing to make a career within the organization.

meeting user requirements.

they are distributed and available to all staff.

security and control policies support business and IT objectives.

there is a published organizational chart with functional descriptions.

duties are appropriately segregated.

User management coordination does not exist.

Specific user accountability cannot be established.

Unauthorized users may have access to originate, modify or delete data.

Audit recommendations may not be implemented.

are developed for the organization as a whole.

are more likely to be derived as a result of a risk assessment.

will not conflict with overall corporate policy.

ensure consistency across the organization.