IT Self Assessment

A sample self Assessment document

Uploaded by

Komathi Mathi
IT Self-Assessment – Internal Audit Division

IT Self-Assessment

| Process | Areas Covered | Self-Assessment Tools | Best Practices |
|---|---|---|---|
| Planning & Organization | Strategic Business Plan (Compact Plan); Organization-wide IT Strategic Plan; IT Value Management; Technology Selection | IT Strategic Planning | Example: College of Textiles IT Strategic Plan; COBIT PO 1.1 IT Value Management; COBIT PO 1.2 Business-IT Alignment; COBIT PO 1.3 Assessment of Current Capability and Performance; COBIT PO 1.4 Strategic Plan |
| Planning & Organization | IT Policies and Procedures; IT Organization Roles and Responsibilities; IT Steering Committee and Communication | IT Processes, Organization & Relationships | Example: College of Textiles IT Steering Committee Charter; COBIT PO 3.1 Technological Direction Planning; COBIT PO 4.3 IT Steering Committee; COBIT PO 4.6 Establishment of Roles and Responsibilities; COBIT PO 4.9 Data and System Ownership; COBIT PO 4.11 Segregation of Duties; COBIT PO 4.13 Key IT Personnel; COBIT 7.5 Dependence upon Individual; COBIT PO 4.15 Relationships |
| Planning & Organization | IT Budgeting and Prioritization; IT System Capabilities, Performance and Risk Assessment; Training and Development Plans | IT Investment (Budgeting), Risk Assessment, Training and Development | COBIT PO 5.3 IT Budgeting; 5.2 Prioritization within IT Budget; COBIT PO 6.2 Enterprise IT Risk and Control Framework; COBIT PO 6.3 IT Policies Management; COBIT PO 6.4 Policy, Standard and Procedures Rollout; COBIT PO 6.5 Communication of IT Objectives and Direction; COBIT PO 7.4 Personnel Training; State Personnel Manual, Training, Section 9, Page 1 – Personnel Training And Development; COBIT PO 9.4 Risk Assessment; COBIT 9.4 Risk Response; COBIT PO 10.4 Stakeholder Commitment |
| Technology Acquisition and Implementation | Infrastructure Plan; Infrastructure Protection & Availability; Technology Infrastructure Maintenance; Computer Equipment Inventory | Acquire and Maintain Technology Infrastructure | COBIT AI 3.1 Technology Infrastructure Acquisition Plan; COBIT AI 3.2 Infrastructure Resource Protection and Availability; COBIT AI 3.3 Infrastructure Maintenance; COBIT DS 13.5 Preventative Maintenance for hardware |
| Technology Acquisition and Implementation | Change Management Procedures; Change Impact; Plan & Document Changes | Manage Change Process | COBIT AI 6.1 Change Standards and Procedures; COBIT AI 6.2 Impact Assessment, Prioritization and Authorization; COBIT AI 6.3 Emergency Changes; COBIT AI 6.4 Change Status tracking and Reporting; COBIT AI 6.5 Change Closure and Documentation; COBIT DS 13.5 Preventative Maintenance for hardware |
| Delivery and Support | Identification and Tracking of Critical Information Systems; Maximum Tolerable Downtime; Disaster Avoidance; Interdependency Risks; Authorized Recovery Plan; Recovery Plan Testing; Disaster Communication Plan | Business Continuity & Disaster Recovery | University Policies, Regulations, and Rules (PRR) REG 04.00.07; COBIT DS 4.1 IT Continuity Framework; COBIT DS 4.2 IT Continuity Plans; COBIT DS 4.3 Critical IT Resources; COBIT DS 4.4 Maintenance of the IT Continuity Plan; COBIT DS 4.5 Testing of the IT Continuity Plan; COBIT DS 5.6 IT Continuity Plan Training; COBIT DS 5.8 IT Services Recovery and Resumption; COBIT DS 4.9 Off Site Back Up Storage; COBIT DS 11.5 Backup and Restoration |
| Delivery and Support | Data Backup Scope, Frequency and Retention; Backup Data Integrity; Ongoing Backup Process; Testing Backup Media; Restoration Procedures; Secure Handling of Data Backup Media | Data Back Up | COBIT DS 4.9 Offsite Backup Storage; COBIT DS 11.5 Backup and Restoration |
| Delivery and Support | Data Center/Server Room Sites; Authorized Physical Access; Physical Security Off Hours; Visitor Access Control; Physical Access Revocation; Testing Physical Access Controls; Safety of Data Center Occupants; Physical Equipment Protection; Adequate Environmental Protections (UPS, humidity, fire suppression, etc.); Data Center/Server Room Cooling | Physical Security and Environmental Controls | COBIT DS 12.2 Physical Security Measures; COBIT DS 12.3 Physical Access; COBIT DS 12.4 Protect Against Environmental Factors; COBIT DS 12.5 Physical Facility Management; REG 07.40.02 – Reporting Misuse of State Property |
| Delivery and Support | Service Level Identification; Adequate and Appropriate Service Level; Continuous Service Level Assessment; Strategic IT Resource Distribution; IT Staff review; IT Staff Training and Back Up Personnel; IT Staff Vacations; IT On-Call Procedures | Service Level | Example: College of Textiles Service Level Agreement; PRR REG 05.00.03 – Employees Subject to the State Human Resources Act; PRR Employee Time Record; COBIT DS 1.4 Service Level Agreements; COBIT DS 1.5 Monitoring and Reporting of Service Level Achievements |
| Delivery and Support | Help Desk Support; Support Call Recording and Tracking; Standardized Problem Resolution; Recurring Problems; Help Desk Performance Monitoring | Problem Management / Help Desk | COBIT DS 8.1 Service Desk; COBIT DS 8.4 Incident Closure; COBIT DS 10.1 Identification and Classification of Problems; COBIT DS 10.2 Problem tracking and Resolution; COBIT DS 10.3 Problem Closure |
| Delivery and Support | Logical User Identification & Approval; Uniquely Identifiable User IDs; User Authentication; User Access Rights; IT Account Management; Access Logging and Accounting | Identity & Access Management | COBIT DS 5.3 Identity Management; COBIT DS 5.4 User Account Management; North Carolina State University Password Standard |
| Delivery and Support | Network Security Architecture; Secure Access, Secure Data Storage and Secure Communication; Data Retention; Security Testing; IT Monitoring & Surveillance; Incidence Response | Network and Data Security, and Security Testing, Monitoring, and Incidence Response | COBIT DS 5.5 Security Testing, Surveillance and Monitoring; COBIT DS 5.6 Security Incident Definition; COBIT DS 5.9 Malicious Software Prevention, Detection and Correction; COBIT DS 5.10 Network Security; COBIT DS 5.11 Exchange of Sensitive Data; COBIT DS 11.4 Disposal; COBIT DS 11.6 Security Requirements for Data Management; Data Management Procedures – REG 08.00.03; State Information Technology Standard – Standards for Clearing or Destroying Media |
| Delivery and Support | Secure Platform; Security Configuration Baseline; Malware Protection; Patch Management; Sensitive Web Application Identification; Web Security Standards; Secure Front-end Access; Website Security Testing; Secure End-user Computers; Antivirus & Anti-malware Protection; Desktop Firewalls; Secure Network Share; Endpoint Encryption; Endpoint Patch Management | Operating System (OS), Web and User Endpoint Security | COBIT DS 5.9 Malicious Software Prevention, Detection and Correction; NIST 800-53 AT-2 Security Awareness |
| Monitor and Evaluate | Measurable Objectives for Key IT Processes; IT Performance Reports; Compliance Evaluation Process; IT Strategic Alignment | Monitoring and Evaluating IT Performance | COBIT ME 1.1 Monitoring Approach; COBIT ME 1.4 Performance Assessment; COBIT ME 1.5 Board and Executive Reporting; COBIT ME 1.6 Remedial Actions; COBIT ME 3.3 Evaluation of Compliance with External Requirements; COBIT ME 4.2 Strategic Alignment |

Hotline

CLICK HERE to access our HOTLINE and report any activity you suspect may result in non-compliance with federal, state, or university requirements; waste, fraud, or abuse of state or university assets; or, a violation of law or the university's values and ethics.

Internal Audit Division


10 Watauga Club Dr.
317 Peele Hall
Campus Box 7202
Raleigh, NC 27695-7202

919.515.8864
919.513.2122 (fax)

Copyright © 2019 · NC State University

https://internalaudit.ncsu.edu/campus-tools-2/self-assessment-tools/it-self-assessment/ [10/31/2019 3:35:51 PM]
