Information

/ Cyber Security

Session 1

February 10, 2023

 An Internal Control is a policy, procedure or a
Internal Controls
mechanism

A process,
effected by an entity’s board of directors, management, and other
personnel,
designed to provide
reasonable assurance regarding
the achievement of objectives relating to
operations, reporting, and compliance.
 Types of Controls

• Preventative / Preventive Controls

• Detective Controls

• Corrective Controls
 Tip for
Control
Classification

Pinpoint the TIME AND INTERACTION between control

and risk i.e.

determine whether control design addresses risk

BEFORE or AFTER the risk occurs
 Preventative /
Preventive Controls

• Proactive in nature

• Control design addresses risk BEFORE the risk arises

 Detective
/ Corrective
Controls

• Reactive in nature

• Control design addresses risk AFTER the risk arises

 Differentiating
Detective
/ Corrective
Controls

Detective control:
• Control design IDENTIFIES the materialized risk

Corrective control:
• Control design CORRECTS the materialized risk
 Knowledge Check
Question 1:
 Knowledge Check

Question 2:
 Knowledge Check

Question 3:

What type of security controls are authorization controls?

A. Corrective controls
B. Detective controls
C. Internal controls
D. Preventive controls
 Knowledge Check

Question 4:

What type of security controls is Data Backup?

A. Corrective control
B. Detective control
C. Internal control
D. Preventive control
 Knowledge Check

Question 5:

What type of security controls is Data Backup?

A. Corrective control
B. Detective control
C. Internal control
D. Preventive control
 Knowledge Check

Question 6:
 Knowledge Check

Question 7:
 Knowledge Check

Question 8:
 Knowledge Check

Answers
Question # Answer
1 C
2 B
3 D
4 A
5 A
6 C
7 A
8 C
Thank you and
All the best!