Internal IT controls are processes implemented by Management to provide reasonable assurance measures are taken to protect the confidentiality and integrity of Syracuse University information system resources and data. The following are high level IT topics with related risks, vulnerabilities and threats, and related control objectives and operational goals:
- IT Management – Overarching IT Policies/Standards/Guidelines
Crouse College and Maxwell Hall in Fall - Audit Trails, Transaction Trails, Logging, and Activity Reports
- Work Stations and Other Digital (Wireless) Devices
- Virtual Machines/Cloud Services
- Physical and Virtual Server Operations (Application, Web, Email)
- Data Base Administration
- Computer Applications and Application Packages (Third Party)
- Network Hardware
- Change Controls, Including Application Software, DBMS Software, and Operating System
- Disaster Recovery, and Business Continuity, for all Critical Processing Systems
- Software Licensing
- Physical Security of Server Rooms and Related Computing Hardware
- Logical Access to Systems and Data/Information Security