Find Resources & Connect with members on topics that interest you.

AI - Acquire and Implement

PO - Plan and Organize

DS - Deliver and Support

Please sign in to see your topics.

You must be logged in to join this group.

Application Controls

Welcome to the Application Controls topic!

Collaborate, contribute, consume and create knowledge around the design, implementation, and testing of application controls used within or between various IT systems.

ISACA members can participate by clicking on the “Join this Community” button. You must be signed into the site. Set your alerts to be notified of new discussion activity within this community. Not an ISACA member? Join now!

 
This Topic Has:
479 Members
0 Online
0 Visits

Community Leader

Knowledge Center Manager

Knowledge Center Manager

Title: Become a Topic Leader!


 

NEW! Activity Badges

Badges help others understand your level of community activity and your reputation as a contributor within the Knowledge Center. Learn More.

Discussions: 20 total

Must be a Topic member to contribute
View All »
Dear all, In the context of the Global Data Protection Regulation, to initiate the inventory phase does someone have ideas/suggestions on which application controls should be important (primary) to assess?  I had a refresh in the following management guid...
LJA-BE | 6/14/2017 5:10:53 PM | COMMENTS(0)
Good day Does anyone have an audit program for standard application controls that one can amend to suite the application under review? I was only able to find procedures from COBIT 4.1 and am hoping for an updated checklist of some sorts. Any tips on audi...
Sonja078 | 4/3/2017 9:42:42 AM | COMMENTS(3)
The topic area here is application controls, and I wanted to throw out some examples of what can be considered an application control.  Here's a partial list, noting that each application can easily have unique controls that won't be included here.  If ...
Richard Fowler | 4/1/2017 1:15:41 PM | COMMENTS(16)
In case anyone has not seen the SANS CIS Critical Security Controls poster and related information, I just wanted to share this resource: https://www.sans.org/critical-security-controls/controls. Enjoy!
Angela712 | 12/7/2015 10:56:20 AM | COMMENTS(0)
Hello. I'm looking for some recommended key controls for ecommerce. Does anyone have any suggestions? Thanks.
Angela712 | 8/6/2015 3:29:07 AM | COMMENTS(4)
Hi, I'm using Isaca's published "Generic Application Audit/Assurance Program" for my current work. In section 2.2.2.1, dealing with Data edits, there is a use of the term "Initial Edits". can any one please explain what exactly does this term mean in tha...
Shay Berger | 8/5/2015 1:04:11 PM | COMMENTS(2)

Documents & Publications: 6 total

Must be a Topic member to contribute
A very good overview published in ISACA's Journal back in 2002, and still relevent today.
Posted by Richard Fowler 2134 days ago
Books
Implement a systematic approach to security in mobile application development with help from this practical guide that also features case studies, code examples and best practices.
Posted by ISACA 2268 days ago
The IIA has a series of documents called Global Technology Audit Guides ("GTAG"). Although ISACA and the IIA are related organizations, some documents are still for members only. I hope I can still share this overview, however.
Posted by Richard Fowler 2393 days ago

Events & Online Learning: 2 total

21 Sep 2015
ISACA International Event
06010 Mexico City, Panama
La Conferencia Latinoamericana CACS/ISRM
9 Nov 2015
ISACA International Event
Copenhagen, Denmark
Stay on top of the trends and opportunities of the dynamic technology industry at EuroCACS/ISRM —the leading European conference for IT audit, assurance, security and risk professionals.

Journal Articles: 8 total

Volume 5, 2015
by Jason Woods, William Brown, Harry Howe | Reviewed by A. Krista Kivisild, CISA, CA, CPA
How can security professionals evaluate the magnitude of risk and communicate it appropriately to businesses so that they can factor this into their decision making?
Volume 3, 2015
by Andrew Evers
Cloud services deliver many kinds of automation to companies every day. The use of process automation as a cloud-based service is an important next step for IT innovation
Volume 5, 2014
by Biswajit Mohapatra, Vinay Parisa and Joydipto Banerjee
The convergence of social, mobile, analytics and cloud (SMAC) has created a significant change in the value that enterprise applications can provide to business.
Volume 3, 2013
by Dan Bogdanov, Ph.D., and Aivo Kalu, Ph.D., CISA
A cloud is a remote-access platform; thus, technical controls that remotely enforce a particular security policy are especially efficient.
Volume 3, 2013
by Tommie Singleton, CISA, CGEIT, CPA
Every time an IT auditor engages in an IT audit/assurance project, at least one person reviews the work.
Volume 1, 2013
by Pascal A. Bizarro, Ph.D., CISA, Andy Garcia, Ph.D., CPA and Jacob Nix
Risk exists with the implementation of personal mobile devices in business, but with risk comes reward.

Wikis: 2 total

Blog Posts: 8 total

Let us have positive inspirational slogans for every situation. Last week I started the project meeting like this: I don't know you are all so good at tuning the website. The performance is now is wonderful. I could witness reduction of stress, anxiety an...
Posted By : Jayakumar Sundaram | 1 comments
The perception of time passing is a funny thing. It only seems like yesterday that I was still a child and the summer holiday seemed to last a lifetime. And now, here I am somewhat surprised that my complement of fingers and toes are no longer enough to c...
Posted By : martin.oneal | 0 comments
A recent publication in a local newspaper, indicated that an employee was charged with fraud with regards to claims of insurance payments that were lodged with the company were paid out to people who were not entitled to receive such payments. What potent...
Posted By : Paulina.PNI | 2 comments
On March 1st,  I was invited to speak at the CampIT conference on Enterprise Risk/Security Management at Rosemont Convention Center. Before me there were two speakers. The first presenter spent an hour presenting the story from the trenches of technolog...
Posted By : appolloconsulting | 2 comments
Typically application access to a SQL Server database is via one of two methods.  Either all users access the same database using a single (proxy) user which is defined in an initialisation (.INI) file, registry etc. Or the users access the database ...
Posted By : Ian Cooke | 2 comments
Security is one of the major concerns which hold enterprises from embracing the cloud. But some think that this is manageable and as such have started adopting cloud based SaaS applications. Cloud based Enterprise solutions like Sales Force, Service Now, ...
Posted By : Kannan | 0 comments