IT Auditing for the Business Auditor

COBIT 5.0

IT General Controls

"The Cloud"

IT Speak

Reporting

100

Covering the enterprise end to end

What is a principle of COBIT

100

Redundant Circuits, HVAC, Clean Power

What are Data Center Controls?

100

Amazon Web Services

What is the Public Cloud?

100

WAP

What is a wireless access point?

100

Payroll processors, medical claims processors, data center companies, software as a service companies

What is a SOC 1 Report?

200

EDM

What is evaluate, direct, and monitor?

200

Least Privilege Model, use of open standards, enforce input controls

What are software development life cycle controls?

200

Private on prem + private cloud + 3rd party public cloud

What is the hybrid cloud?

200

SAN

What is a storage area network?

200

Internal controls related to privacy, security, availability, processing integrity, confidentiality

What is a SOC 2 report?

300

BAI

What is build, acquire, implement?

300

No changes in PROD

What is Change Control?

300

Operated by one company

What is the private cloud?

300

DMZ

What is the demilitarized zone?

300

Marketing Document

What is a SOC 3 Report?

400

DSS

What is deliver, service and support?

400

Recovery point objective, recovery time objective

What are back and recovery controls?

400

Organizations retain control over sensitive data

What is the Hybrid Cloud?

400

OSI

What is Open Systems Interconnection?

400

What are the number of SOC reports?

500

Identify and classify problems

What is Management Domain DSS 03?

500

Biometric devices, physical security, unique credentials

What are access controls?

500

Based on standard cloud computing

What is the Public cloud?

500

IPS

What is intrusion prevention system?

500

Standard Operating Controls

What is SOC?