System software controls refer to security measures and protocols that protect an organization's IT infrastructure from unauthorized access, cyber threats, and system failures. Intrusion testing (penetration testing) is a key system software control used to detect vulnerabilities in IT environments.
Correct Answer (D - Performing Intrusion Testing on a Regular Basis)
Intrusion testing is a critical system software security measure that helps identify weaknesses in software configurations and security defenses.
This falls under system software controls because it directly tests the security of operating systems, applications, and network software.
The IIA’s GTAG 11: Developing IT Security Audits highlights penetration testing as a necessary control for system software security.
Why Other Options Are Incorrect:
Option A (Restricting server room access to specific individuals):
This is a physical access control, not a system software control.
Option B (Housing servers away from environmental hazards):
This is an environmental control, focusing on disaster prevention rather than software security.
Option C (Ensuring that all user requirements are documented):
This relates to project documentation and system development, but it does not control software security.
IIA GTAG 11: Developing IT Security Audits – Recommends regular penetration testing as a system software control.
IIA Practice Guide: Auditing IT Security – Discusses system software security measures.
IIA References for Validation:Thus, D is the correct answer because intrusion testing is a core system software control ensuring security.
Contribute your Thoughts:
Chosen Answer:
This is a voting comment (?). You can switch to a simple comment. It is better to Upvote an existing comment if you don't have anything to add.
Submit