Find Resources & Connect with members on topics that interest you.

AI - Acquire and Implement

PO - Plan and Organize

DS - Deliver and Support

Please sign in to see your topics.

You must be logged in to join this group.

AI7.4 - Test Environment

This topic is intended to enable collaboration and sharing of information to facilitate a better understanding and approach to implementing this COBIT control objective based on the risk, value and guidance provided by its corresponding control practices.

COBIT Control Objective AI7.4 - Test Environment is contained within Process Popup Install and Accredit Solutions and Changes.

Learn more about COBIT and related publications.

Click “Join This Community” to be able to actively participate in discussions and contribute content. You must be an ISACA member to join this topic. Join ISACA now.

 
This Topic Has:
3 Members
0 Online
802 Visits

 Recent Discussions

Community Leader

Knowledge Center Manager

Knowledge Center Manager

Title: Become a Topic Leader!

Points: 3


Test Environment

Define and establish a secure test environment representative of the planned operations environment relative to security, internal controls, operational practices, data quality and privacy requirements, and workloads.

View value and Risk Drivers  help

Hide value and Risk Drivers help


Value Drivers

  • Minimised business interruptions in production
  Risk Drivers
  • Insufficient testing using automated test scripts
  • Performance problems undetected
  • System security compromised

View Control Practices  help

Hide Control Practices  help

  1. Ensure that the test environment is representative of the future operating landscape, including likely workload stress, operating systems, necessary application software, database management systems, and network and computing infrastructure found in the production environment.
  2. Ensure that the test environment is secure and incapable of interacting with production systems.
  3. Create a database of test data that are representative of the production environment. Sanitise data used in the test environment from the production environment according to business needs and organisational standards (e.g., consider whether compliance or regulatory requirements oblige the use of sanitised data).
  4. Protect sensitive test data and results against disclosure, including access, retention, storage and destruction. Consider the effect of interaction of organisational systems with those of third parties.
  5. Put in place a process to enable proper retention or disposal of test results, media and other associated documentation to enable adequate review and subsequent analysis as required by the test plan. Consider the effect of regulatory or compliance requirements.

 

Discussions: 0 total

Must be a Topic member to contribute

No Results Found

Documents & Publications: 69 total

Must be a Topic member to contribute
View All »
Books
Posted by ISACA 19 days ago
ICQs and Audit Programs
Posted by ISACA 26 days ago
Books
Few businesses could function effectively without their IT systems. At the same time, they depend on IT for more than their day-to-day operations.
Posted by ISACA 56 days ago
Books
International Financial Reporting Standards have been mandatory in the EU since 2005 and are rapidly being adopted by countries throughout the world.
Posted by ISACA 56 days ago

Events & Online Learning: 7 total

7 May 2012
ISACA International Event
Orlando, Florida, USA
Get the knowledge you need to stay one step ahead of the competition and keep up with changing professional trends at ISACA’s North America CACS Conference.
12 Jun 2012
ISACA International Event
Dallas, Texas, USA
ISACA Training is a unique educational event designed to provide the tools you need to maintain, update and upgrade your skills, and to continue your professional development.
7 Aug 2012
ISACA International Event
Chicago, Illinois, USA
ISACA Training is a unique educational event designed to provide the tools you need to maintain, update and upgrade your skills, and to continue your professional development.
11 Sep 2012
ISACA International Event
San Francisco, California, USA
ISACA Training is a unique educational event designed to provide the tools you need to maintain, update and upgrade your skills, and to continue your professional development.
2 Oct 2012
ISACA International Event
Orlando, Florida, USA
ISACA Training is a unique educational event designed to provide the tools you need to maintain, update and upgrade your skills, and to continue your professional development.
6 Nov 2012
ISACA International Event
New York, New York, USA
ISACA Training is a unique educational event designed to provide the tools you need to maintain, update and upgrade your skills, and to continue your professional development.

Journal Articles: 105 total

Volume 3, 2012
by Aarni Heiskanen, LJK
A program or project portfolio explains how an organization is implementing its strategy with projects.
Volume 3, 2012
by Kai-Uwe Ruhse, CISA, PCI QSA, and Maria Baturova
This article describes real cloud computing project case studies, which show that moving to the cloud is an important strategic decision for IT managers.
Volume 3, 2012
by Steve Markey
Once thought of as a technology solely for academia, non-RDBMS are now reaching critical mass in industry.
Volume 2, 2012
by Kerry A. Anderson, CISA, CISM, CRISC, CGEIT, CISSP, ISSMP, ISSAP, CSSLP, CFE
The closer alignment between RIM and information security may provide an approach to managing increasing data protection concerns and tough privacy regulations rather than maintaining the separation between these critical compliance functions.
Volume 2, 2012
by Tommie W. Singleton, Ph.D., CISA, CGEIT, CITP, CPA
This article addresses some of the IT audit issues associated with data transfers.
Volume 2, 2012
by Robbie Sauerberg, Weston Smith and Jonathan Tudor, CCNA
This article first describes the benefits of CRM systems and identifies risk areas inherent in CRM systems that threaten the benefits an organization can receive from a CRM system.

Wikis: 2 total

Blog Posts: 8 total

17 Aug 2011
Posted By : masarker | 0 comments
APT Defense Strategy   By Kevin J. Murphy, CISSP, CISM, CGEIT September 30, 2010 WHAT IS APT? APT is an acronym for Advance Persistent Threat.  Isn’t that descriptive?  In reality there is a lot behind the APT which might not be that obvious from underst...
Posted By : Kevin J. Murphy | 1 comments
These are five possible ways to discover Unstructured Processes. Regulatory and Compliance processes - People-intensive processes that are kicked off as a result of an external regulatory body and these processes tend to be ad-hoc & on-going change, but...
Posted By : Varun | 1 comments
12 May 2011
ITGA Blog focused IT Governance & IT Architecture Experiences.Here, you will can to learn more about theses topics. Regards,Roberto ArteiroITGA Editor.
Posted By : Roberto Arteiro | 1 comments
There is no shortage of cloud storage providers but the data security story varies widely among them.  How can enterprise customers be assured that their data will remain confidential?  Many cloud storage providers rely on outsourced system administrators...
Posted By : Kevin J. Murphy | 1 comments
Se potencia la relación mutua y se acuerda la promoción del Sector TIC de la Comunidad Valenciana. La semana  pasada se llevó a cabo la firma de un convenio de colaboración entre los capítulos valencianos de las asociaciones más importantes a nivel mundia...
Posted By : JavierPeris.Org | 0 comments