Substantive Testing

Compliance Testing

Discovery Sampling

Stop-or-Go Sampling

Ignore it because employees follow policies strictly

Recommend immediate approval of policies

Emphasize the approval of policies to management

Report the absence of documented approval of policies

to prevent misuse of corporate resources

to prevent conflict of interest

to prevent employee performance issues

to prevent theft of IT assets and information of the company

The policy has not been updated in more than one year

The policy includes no revision history

Policy is approved by security administrator

No information security policy committee was formed to draft the policy

Certain Iterations producing unfinished code

Not extensive documentation

Continuous preplanning of the project

Managers do not mange project resources, delegating these to team members

Denial of Service

Man-in-the-Middle

Brute force

keylogging

Rule based

check sum based

heuristic filtering

Statistic based