Information Technology

Risks and Controls

General Computer Controls enhance data integrity by protecting (1) data in transit and (2) stored data on a computer system, and by limiting who can access and modify data. Appropriate information security controls ensure that (1) sensitive and confidential data is not compromised or inappropriately shared, (2) data is accurate, (3) information is available, and (4) the system is reliable.  IT controls are integrated into policies/procedures and the business objectives of the University.  IT audits address the following control objectives:
 

Audit Trails

Access

Authorization

Business Continuity

Compliance

Data Integrity

Documentation

Physical Security

Policy/Procedures

Separation of Duties

System Security

Training/Education

 

IT Enterprise Controls

IT enterprise controls are controls that are pervasive across all system components, processes, and data for a given organization or system environment.

 

Application Controls

Application controls help to protect and support a system that hosts University data. ERP systems, databases, mainframes, client/server systems, and web-based systems should have appropriate controls in place to ensure that the data is protected and the system is adequately supported. Controls are embedded into business process applications, including accounting systems such as payroll or accounts payable. Controls help ensure that transactions are authorized, complete, accurately recorded, processed, and reported.

 

Server Controls

Server controls protect the configuration of server equipment, including operating systems. Operating systems include Windows, UNIX, Linux, and Mac OS X. Operating systems should be configured to mitigate security exposures. Sufficient security controls ensure that servers are protected from damage by malicious attacks, including worms, viruses, and Trojans.

 

Network Controls

Network controls protect data that is transmitted from one system to another. Network security uses multiple layers of protection including firewalls, routers, intrusion detection software, and encryption.  Network controls ensure that data cannot be stolen or altered during transit.

 

Computer Operation Controls

Computer operation controls safeguard information assets while the data is resident in the ITS Data Center. The Computer Operations Department monitors and troubleshoots systems to ensure that unexpected problems are resolved promptly and services are restored. The controls address both software and hardware components.