Page 105 - Courses
P. 105
IT Essentials — Assessing Infrastructure and Networks
TOPIC 1: INTRODUCTIONS
Introduction
Analyzing and assessing risks related to IT infrastructure can be complex.
The IT infrastructure is comprised of hardware, software, communications, applications, protocols
and data. Implementation of these components are within the organization’s physical space and
structure, and between the organization and its external environment.
Infrastructure also includes the people interacting with the physical and logical elements of systems.
Networks contain two or more IT hardware components that are connected for the purpose of
sharing information and expanding the organization’s infrastructure. However, they also expose the
organization to additional risk.
Learning Objectives
Recognize key infrastructure and network components.
Determine the appropriateness of devices in the demilitarized zone (DMZ).
Describe the required competencies of internal auditors performing infrastructure and
networking audits.
Identify common infrastructure and network terminology.
Describe the seven layers of the Open Systems Interconnection (OSI) model and the layers of
defense in depth.
Common Terminology
Add Value
Value is provided by improving opportunities to achieve organizational objectives, identifying
operational improvement, and/or reducing risk exposure thorough both assurance and consulting
services.
Board
The highest level governing body (e.g., a board of directors, a supervisory board, or a board of
governors or trustees) charged with the responsibility to direct and/or oversee the organization’s
activities and hold senior management accountable.
Copyright © 2020 by The Institute of Internal Auditors, Inc. All rights reserved.
