The key tasks of Security and Technology Management include identifying desirable system controls as defined and documented. This is followed by reviewing implemented system controls by conducting a comprehensive audit of current information systems, identifying controls implemented, and evaluating effectiveness and completeness of control. This is followed by Gap Analysis of the controls which consists of identifying gaps in the controls implemented and the potential weaknesses. Finally recommendations and solutions are presented for improvement and enhancement of the system controls. This essentially involves the following 2 methods.
Business Process Controls & Compliance Management: the method for business process controls includes the following:
Technology Infrastructure Security: the method for assessing technology infrastructure security includes the following: