Types of Audits/Continuous Monitoring

• Operational

• Financial

• Information Technology

Types of IT Audit Strategies [39]

Compliance Testing Audits - used to determine whether control procedures are being followed.

Substantive Testing Audits - used to determine the integrity of data and other information.

Threat Modeling Frameworks [40]

• OWASP Top 10

• MITRE ATT&CK Framework

• MITRE Common Weakness Enumeration (CWE)

• STRIDE threat modeling

IT Application Controls [41]

According to the InfoSec Institute, "Application controls are controls over the input, processing and output functions. This includes several top-level items:

• Ensure the input data is complete, accurate and valid

• Ensure the internal processing produces the expected results

• Ensure the processing accomplishes the desired tasks

• Ensure output reports are protected from disclosure" [41]

Related Terms