Find Resources & Connect with members on topics that interest you.

Applications

Audit

Business Processes

Career Management

Cloud Computing/Virtualization

COBIT

Controls and Monitoring

Databases

Fraud and Computer Crime

Governance and Management

Industry

Information Security

IT Service Management

Mobile/Wireless

Operating Systems

Privacy/Data Protection

Regulations

Risk

Standards

AI - Acquire and Implement

PO - Plan and Organize

DS - Deliver and Support

ME - Monitor and Evaluate

Application Controls

Process Controls

Please sign in to see your topics.

You must be logged in to join this group.

AI7.4 - Test Environment

This topic is intended to enable collaboration and sharing of information to facilitate a better understanding and approach to implementing this COBIT control objective based on the risk, value and guidance provided by its corresponding control practices.

COBIT Control Objective AI7.4 - Test Environment is contained within Process Popup Install and Accredit Solutions and Changes.

Learn more about COBIT and related publications.

Click “Join This Community” to be able to actively participate in discussions and contribute content. You must be an ISACA member to join this topic. Join ISACA now.

 
This Topic Has:
3 Members
0 Online
802 Visits

 Recent Discussions

Community Leader

Knowledge Center Manager

Knowledge Center Manager

Title: Become a Topic Leader!

Points: 3

Test Environment

Define and establish a secure test environment representative of the planned operations environment relative to security, internal controls, operational practices, data quality and privacy requirements, and workloads.

View value and Risk Drivers  help

Hide value and Risk Drivers help


Value Drivers

  • Minimised business interruptions in production
   Risk Drivers
  • Insufficient testing using automated test scripts
  • Performance problems undetected
  • System security compromised

View Control Practices  help

Hide Control Practices  help

  1. Ensure that the test environment is representative of the future operating landscape, including likely workload stress, operating systems, necessary application software, database management systems, and network and computing infrastructure found in the production environment.
  2. Ensure that the test environment is secure and incapable of interacting with production systems.
  3. Create a database of test data that are representative of the production environment. Sanitise data used in the test environment from the production environment according to business needs and organisational standards (e.g., consider whether compliance or regulatory requirements oblige the use of sanitised data).
  4. Protect sensitive test data and results against disclosure, including access, retention, storage and destruction. Consider the effect of interaction of organisational systems with those of third parties.
  5. Put in place a process to enable proper retention or disposal of test results, media and other associated documentation to enable adequate review and subsequent analysis as required by the test plan. Consider the effect of regulatory or compliance requirements.

 

Discussions: 0 total

Must be a Topic member to contribute

No Results Found

Documents & Publications: 69 total

Must be a Topic member to contribute
View All »
Books
Effective Project Management: Traditional, Agile, Extreme, 6th Edition
Posted by ISACA 13 days ago
Books
ITIL Service Management: Implementation and Operation
Posted by ISACA 19 days ago
ICQs and Audit Programs
IT Strategic Management Audit/Assurance Program (Dec 2011)
Posted by ISACA 26 days ago
Books
Information Security Roles & Responsibilities Made Easy, Version 3.0
Posted by ISACA 34 days ago
Books
IT Project Management: 30 Steps to Success
Few businesses could function effectively without their IT systems. At the same time, they depend on IT for more than their day-to-day operations.
Posted by ISACA 56 days ago
Books
An Executive Guide to IFRS: Content, Costs and Benefits to Business
International Financial Reporting Standards have been mandatory in the EU since 2005 and are rapidly being adopted by countries throughout the world.
Posted by ISACA 56 days ago
View All »

Events & Online Learning: 7 total

View All »
7 May 2012
ISACA International Event
North America CACS 2012
Orlando, Florida, USA
Get the knowledge you need to stay one step ahead of the competition and keep up with changing professional trends at ISACA’s North America CACS Conference.
More »
Add to my Outlook
12 Jun 2012
ISACA International Event
Training Dallas Texas USA
Dallas, Texas, USA
ISACA Training is a unique educational event designed to provide the tools you need to maintain, update and upgrade your skills, and to continue your professional development.
More »
Add to my Outlook
Register Now
7 Aug 2012
ISACA International Event
Training Chicago Illinois USA 2012
Chicago, Illinois, USA
ISACA Training is a unique educational event designed to provide the tools you need to maintain, update and upgrade your skills, and to continue your professional development.
More »
Add to my Outlook
Register Now
11 Sep 2012
ISACA International Event
Training San Francisco California USA
San Francisco, California, USA
ISACA Training is a unique educational event designed to provide the tools you need to maintain, update and upgrade your skills, and to continue your professional development.
More »
Add to my Outlook
Register Now
2 Oct 2012
ISACA International Event
Training Orlando Florida USA
Orlando, Florida, USA
ISACA Training is a unique educational event designed to provide the tools you need to maintain, update and upgrade your skills, and to continue your professional development.
More »
Add to my Outlook
Register Now
6 Nov 2012
ISACA International Event
Training New York NY USA
New York, New York, USA
ISACA Training is a unique educational event designed to provide the tools you need to maintain, update and upgrade your skills, and to continue your professional development.
More »
Add to my Outlook
Register Now
View All »

Journal Articles: 105 total

View All »
Volume 3, 2012
Project Portfolio Management
by Aarni Heiskanen, LJK
A program or project portfolio explains how an organization is implementing its strategy with projects.
Volume 3, 2012
Cloud Computing as an Integral Part of a Modern IT Strategy
by Kai-Uwe Ruhse, CISA, PCI QSA, and Maria Baturova
This article describes real cloud computing project case studies, which show that moving to the cloud is an important strategic decision for IT managers.
Volume 3, 2012
A Primer on Nonrelational, Distributed Databases for IS Professionals
by Steve Markey
Once thought of as a technology solely for academia, non-RDBMS are now reaching critical mass in industry.
Volume 2, 2012
A Case for a Partnership Between Information Security and Records Information Management
by Kerry A. Anderson, CISA, CISM, CRISC, CGEIT, CISSP, ISSMP, ISSAP, CSSLP, CFE
The closer alignment between RIM and information security may provide an approach to managing increasing data protection concerns and tough privacy regulations rather than maintaining the separation between these critical compliance functions.
Volume 2, 2012
Testing Controls Associated With Data Transfers
by Tommie W. Singleton, Ph.D., CISA, CGEIT, CITP, CPA
This article addresses some of the IT audit issues associated with data transfers.
Volume 2, 2012
JOnline: Customer Relationship Information Technology Internal Control and Security Framework
by Robbie Sauerberg, Weston Smith and Jonathan Tudor, CCNA
This article first describes the benefits of CRM systems and identifies risk areas inherent in CRM systems that threaten the benefits an organization can receive from a CRM system.
View All »

User Contributed External Links: 0 total

Wikis: 2 total

Blog Posts: 8 total

View All »
17 Aug 2011
IT Security
Posted By : masarker | 0 comments
5 Jul 2011
APT Defense Strategy
APT Defense Strategy   By Kevin J. Murphy, CISSP, CISM, CGEIT September 30, 2010 WHAT IS APT? APT is an acronym for Advance Persistent Threat.  Isn’t that descriptive?  In reality there is a lot behind the APT which might not be that obvious from underst...
Posted By : Kevin J. Murphy | 1 comments
17 Jun 2011
Discover Unstructured processes
These are five possible ways to discover Unstructured Processes. Regulatory and Compliance processes - People-intensive processes that are kicked off as a result of an external regulatory body and these processes tend to be ad-hoc & on-going change, but...
Posted By : Varun | 1 comments
12 May 2011
Welcome to ITGA Blog
ITGA Blog focused IT Governance & IT Architecture Experiences.Here, you will can to learn more about theses topics. Regards,Roberto ArteiroITGA Editor.
Posted By : Roberto Arteiro | 1 comments
17 Feb 2011
Data Protection in the Cloud
There is no shortage of cloud storage providers but the data security story varies widely among them.  How can enterprise customers be assured that their data will remain confidential?  Many cloud storage providers rely on outsourced system administrators...
Posted By : Kevin J. Murphy | 1 comments
21 Dec 2010
Firma del convenio entre PMI Valencia e ISACA Valencia
Se potencia la relación mutua y se acuerda la promoción del Sector TIC de la Comunidad Valenciana. La semana  pasada se llevó a cabo la firma de un convenio de colaboración entre los capítulos valencianos de las asociaciones más importantes a nivel mundia...
Posted By : JavierPeris.Org | 0 comments
View All »
Report An Issue