Auditing IT Controls

Question 1

Some of the terms and concepts that are important in managing IT risks, providing IT assurance, and making use of appropriate HCI principles in IT operations include:

  1. Risk – By knowing what risk is, I’ll be able to know how to manage it.
  2. Controls – These are crucial given that effective controls can mitigate threats.
  3. Assurance is crucial as it tells us how to make information secure and also assists in managing risks.
  4. Users are essential since Human Computer Interaction is centered on the manner in which users relate to computers.
  5. Standards are important as they assist in managing IT risks.
  6. User interface is important as it forms a platform for the interaction of users and computers.
  7. Assets are critical given that they are what is required to be secured from unauthorized access.
  8. Computers are what users use.
  9. Vulnerabilities need to be recognized to succeed in managing risks efficiently.
  10. Framework is critical as it is the manner in which IT governance goals get organized.


Question 2

During an analytical approach, a lot of research and time is needed in the evaluation of the manner in which a center is operating. Despite the method being famous, it is likely to be the most boring. With the heuristic approach, it is possible to resonate with new managers and directors of IT. Once the director is able to connect a panel of center representatives, he or she can evaluate and reach a conclusion concerning what is working well and what needs to be modified. This forms the foundation of the heuristic approach. The approach aims at finding a solution to the productivity of the center. The person who is likely to get affected is taken care of through the HCI. Through the assistance of trial and error, the evaluator will understand the issues afflicting the center and exhibit the existing alternatives for the operation to succeed. During this evaluation, it is possible to assess IT assurance.

It is important to keep an eye on the effectiveness of password reset to guarantee the operations of the center are effectively appealed. Being able to test and fail with no major hindrance or liability will give room for more liberty to discover the flawless equilibrium between the policies that are implemented and the effectiveness of operations. To finish the current report, and with the assistance of the panel, other testing aimed at assessing how rapidly the password change is executed, the rate of password change needed, and the usefulness of password change within the given time needs to be implemented.

In conclusion, the heuristic approach makes it possible for the IT director to test various approaches to quick and actual password changes which do not interfere with the policies and productivity of the center. With the trial and error approach in place, mistakes which could be made during operational success given that the accountability level is highly compromised.


Question 4

People who have used computers are familiar with viruses or might have lost data at some point. The reaction of an individual that follows such an event can be easily predicted; one can panic, get frustrated, or feel helpless. In an incident that occurred to me recently, my laptop wanted to restart but I kept skipping the restart; at some point, when I was almost finishing my homework, I failed to skip and the computer restarted without giving me a chance to save my work. It was disastrous, and by bad luck I was not able to apply any of the recommendations the book presents. Had I implemented any of the recommendations, it could have been safer for me. I did not do any risk assessment, system monitoring, or provision of an alternative plan. I lost a lot of information and it was quite unfortunate for me to start the work again. Despite all that, it prepared me on how to handle updates whenever the need arises. Now, I know how to monitor and recognize messages that pop up, continuously save any of my work, avail regular updates of my work by channels such as emails, and always assess my laptop’s performance. Through these IT governance framework aspects, I am guaranteed to avoid any challenges likely to happen.

Question 5

Some of the recommendations include allowing personnel to make lively comments and enhance contributions to IT activities; if employees fully take part in an enterprise’s daily activities, the IT manager will find it easier to apply fresh changes related to IT and establish innovative ideas to expand the IT and HCI network. I will recommend that the executive be invited to follow the password reset policy for the center and assess if it is an approach that can be relied on; I trust the password reset policy conforms to the center’s requirements. I will recommend creation of a program which is likely to represent and enlighten how to endure all