This tool outlines the business risks associated with inappropriate access to systems, data or information and suggests ...

Boards of directors need to ensure that the organizations they serve are improving their cybersecurity capabilities cont...

This issue of Board Perspectives summarizes 10 practices that will help management and directors maximize the value deri...

This sample questionnaire evaluates the effectiveness of computer operations management in an organization. Computer ope...

This sample policy provides guidelines for securing user information.

This audit work program includes test steps in the areas of documentation, logging, monitoring and user pool for VPN adm...

This policy defines the standard security settings utilized on a company's servers.

This memo outlines minimum IT controls around user access, change control, backup, privacy, licenses and document retent...

This Sarbanes-Oxley process memo informs and prepares business process control managers to engage in “walkthrough” discu...

This review focuses on the configurable application controls, application security, and segregation of duties for the ac...

This document outlines risks and controls common to the "manage IT assets" process in an RCM format.

This memo documents low-risk opportunities in the network infrastructure environment identified during an internal audit...