Control Intelligence

Cybersecurity & Network Security

Firewall rules, vulnerability management, endpoint protection, and security monitoring.

Sub-Process Score
56/100
Needs Improvement
6/10 responses received

Control Objectives (2)

IT-CS-01
COSO P11, ICFR.ITGC.CS.01, IIA IV.10.2
Vulnerability scans are performed monthly on in-scope financial systems and critical findings are remediated within SLA.
Risk: Unpatched vulnerabilities enable unauthorized access to financial data.
Assessment Questions (3)
  • 01 Monthly vulnerability scans cover all in-scope systems.
  • 02 Critical/high findings have a documented remediation SLA (e.g. 30 days).
  • 03 Exception requests for deferred patching require CISO approval.
IT-CS-02
COSO P11, ICFR.ITGC.CS.02, IIA IV.10.2
Multi-factor authentication is enforced for all privileged and remote access to financial systems.
Risk: Single-factor credentials are easily compromised.
Assessment Questions (3)
  • 01 MFA is enabled for all admin/privileged accounts.
  • 02 MFA is required for VPN and remote desktop access.
  • 03 MFA exceptions are documented and reviewed quarterly.