List: All posts (8)
Data Analysis Producer
subject matter : form an opinion - evaluate : sufficient and appropriate evidence - fairly stated in all material respects - Fair presentation of Mgt's description - suitability of the design SOC2 engagement - 5 criteria - confidentiality - availability - processing integrity - privacy - security forming opinion - present fairly by mgt - design effectively - Type 2 : specified period of time wha..
SOC ; System and Organizational Controls SOC engagement : Outsourcing -User Entity : utilize -Service Organization : provide SOC1 : Internal control over Financial reporting SOC2 : focus on Trust Service Criteria SOC3 : focus on Trust Service Criteria for General Use Report SOC3 does not include - a description of the system - a description of the service auditor's tests of controls Type1 : desi..
IRP: Incident Response Plan - method : detection, response timeline and incident response team's responsibilities - contents : mission, size, structure, and operational functions - NIST : Roadmap, definition of computer security, organizational structure, prioritization or severity ratings of incidents, internal and external communication methods - Detection : Vulnerability scanning software, An..
Privacy : rights of an individual Confidentiality : information gathered by the Company, System or individuals Confidentiality : - NIST defines - including personal privacy, proprietary information - PII(Personally Identifiable Information) - identify an individual - SSN(Social Security Number) : identification numbers - confirm the data is accurate, relevant, timely, and complete Privacy : - hum..
Security Assessments - protect against cyberattacks, for internal control - establish risk mgt framework - assess and respond to threats on a continuous basis Risk Mgt Framework - NIST : National Institute of Standards and Technology(NIST) provides a framework - 4 main components : - FARM : Framework - Assessing - Responding - Monitoring -> risk Assess Risk - Vulnerabilities : severity of impact - likeli..
Password Management - long, frequently change, complexity - Hashing : one-way -- Salting : makes cracking passwords significantly harder - 45 to 90 days - 12 or more characters Provisioning - grant, remove user Device Authentication : authenticate phone number, connect to device authenticate Vulnerability Management - proactive security practice - detect and monitor - Vulnerability Tools - NIST..
1. COSO(Committee of Sponsoring Organizations) ORC : Operational/ Reporting/ Compliance Objectives CRIME - Control Environment : policy, guidance, role - Risk Assessment : analyze cyber risk and the magnitude of their impact - Control Activities (Existing) : policies and procedures - Information and Communication : FACT - Fair, Accurate, Complete, and Timely / Business impact analysis, Employees..