Page 406 - ITGC_Audit Guides
Function: Protect (continued)

Control Activities | Assessment
- Protection processes are continuously improved.
- Effectiveness of protection technologies is shared with appropriate parties.
- Response plans (Incident Response and Business Continuity) and recovery plans (Incident Recovery and Disaster Recovery) are in place and managed.
- Response and recovery plans are tested.
- Cybersecurity is included in human resources practices (e.g., deprovisioning and personnel screening).
- A vulnerability management plan is developed and implemented.
Risk Area: Maintenance
Control Objective: Maintenance and repairs of industrial control and information system components are performed consistent with policies and procedures.

Control Activities | Assessment
- Maintenance and repair of organizational assets is performed and logged in a timely manner, with approved and controlled tools.
- Remote maintenance of organizational assets is approved, logged, and performed in a manner that prevents unauthorized access.
Risk Area: Protective Technology
Control Objective: Technical security solutions are managed to ensure the security and resilience of systems and assets, consistent with related policies, procedures, and agreements.

Control Activities | Assessment
- Audit/log records are determined, documented, implemented, and reviewed in accordance with policy.
- Removable media is protected and its use restricted according to policy.
- The principle of least functionality is incorporated by configuring systems to provide only essential capabilities.
- Communication and control networks are protected.
- Systems operate in pre-defined functional states to achieve availability (e.g., under duress, under attack, during recovery, and normal operations).
www.theiia.org Auditing Insider Threat Programs 38