Scribd
Upload
33 views

Cyber Security 1 - Internal Controls

This document discusses internal controls and types of controls. It defines internal controls as policies, procedures, or mechanisms designed by an organization's board, management, and personnel to reasonably ensure objectives around operations, reporting, and compliance are achieved. It describes preventative/preventive controls as proactive controls that address risk before it occurs, and detective/corrective controls as reactive controls that address risk after it occurs. The document provides examples of these controls and includes a knowledge check with questions to test understanding.

Uploaded by

Arshia Zamir
Copyright
© © All Rights Reserved
Available Formats
Download as PDF, TXT or read online on Scribd
33 views

Cyber Security 1 - Internal Controls

This document discusses internal controls and types of controls. It defines internal controls as policies, procedures, or mechanisms designed by an organization's board, management, and personnel to reasonably ensure objectives around operations, reporting, and compliance are achieved. It describes preventative/preventive controls as proactive controls that address risk before it occurs, and detective/corrective controls as reactive controls that address risk after it occurs. The document provides examples of these controls and includes a knowledge check with questions to test understanding.

Uploaded by

Arshia Zamir
Copyright
© © All Rights Reserved
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 18

Information

/ Cyber Security

Session 1

February 10, 2023


An Internal Control is a policy, procedure or a
Internal Controls
mechanism

A process,
effected by an entity’s board of directors, management, and other
personnel,
designed to provide
reasonable assurance regarding
the achievement of objectives relating to
operations, reporting, and compliance.
Types of Controls

• Preventative / Preventive Controls

• Detective Controls

• Corrective Controls
Tip for
Control
Classification

Pinpoint the TIME AND INTERACTION between control


and risk i.e.

determine whether control design addresses risk


BEFORE or AFTER the risk occurs
Preventative /
Preventive Controls

• Proactive in nature

• Control design addresses risk BEFORE the risk arises


Detective
/ Corrective
Controls

• Reactive in nature

• Control design addresses risk AFTER the risk arises


Differentiating
Detective
/ Corrective
Controls

Detective control:
• Control design IDENTIFIES the materialized risk

Corrective control:
• Control design CORRECTS the materialized risk
Knowledge Check
Question 1:
Knowledge Check

Question 2:
Knowledge Check

Question 3:

What type of security controls are authorization controls?


A. Corrective controls
B. Detective controls
C. Internal controls
D. Preventive controls
Knowledge Check

Question 4:

What type of security controls is Data Backup?


A. Corrective control
B. Detective control
C. Internal control
D. Preventive control
Knowledge Check

Question 5:

What type of security controls is Data Backup?


A. Corrective control
B. Detective control
C. Internal control
D. Preventive control
Knowledge Check

Question 6:
Knowledge Check

Question 7:
Knowledge Check

Question 8:
Knowledge Check

Answers
Question # Answer
1 C
2 B
3 D
4 A
5 A
6 C
7 A
8 C
Thank you and
All the best!

You might also like