In this video, we'll explain what ITGCs are, share examples of how they work, and review the compliance frameworks that serve as their foundation. If you learn something, please be sure to give us a like and subscribe to our channel.

Information technology general controls, or ITGCs, dictate how technology is used in an organization. ITGCs help prevent breaches, data theft, and other operational disruptions. ITGCs influence everything from user account creation to password management to application development. They prescribe how new software is set up, who the admins are, how the system is tested and implemented, and when security and software updates should take place.

One important thing to note is that information technology general controls are not the same as application controls. ITGCs govern the use of all systems within a company. Application controls restrict what users can do within one particular platform.

ITGCs can take on many forms, but most fall under a few distinct categories, so let's review each in detail.

The first is general IT administration. Most ITGCs fall under the general IT umbrella. General IT controls may refer to how IT systems are managed, who oversees those systems, where the IT roadmap is going, how and when to conduct risk assessments, and what best practices IT projects should follow.

Access controls are another form ITGCs can take. ITGCs should include various methods of preventing unauthorized access and data manipulation. Coupling robust password management with a least privilege access policy can instantly lower the chances of a cyber attack. Full disk encryption is also a common access-related ITGC because it completely locks devices even while at rest.

Next, we have system life cycle controls, used to manage application, system, or network releases and updates. When users don't regularly update their programs, they do themselves a disservice and put their companies at risk of an attack. That's why many ITGCs focus on forcing regular updates and consistent monitoring of an organization's applications, systems, and network service level commitments. Many companies also implement patch management tools to automatically deploy patches to the operating systems, browsers, and applications that are behind schedule.

Physical and environmental security controls keep a company's data safe from cyber attacks. When we think of hackers, we often think of a person behind a computer, but that's not always the case. So it's important to define and consistently test physical security controls like key badge entry to sensitive areas and intrusion detection systems.

The last category of ITGC is related to data protection and recovery. Accidents, natural disasters, or cyber attacks can happen anytime, and without backup or recovery plans in place, companies can lose significant data. Most companies enact ITGCs to minimize data loss through database segregation, automated backups, and business continuity plans.

Now let's talk about ITGC compliance frameworks. To guarantee the highest level of compliance, companies lean on three overarching security frameworks to inform their ITGCs.

The first is COSO. The Committee of Sponsoring Organizations, or COSO, framework integrates controls into everyday business processes that validate ethical and transparent operations. COSO has five requirements: one, control environments to uphold industry standard practices and reduce organizations' legal exposure; two, control activities to make sure tasks are carried out in a way that minimizes risk and accomplishes business objectives; three, information and communications that help stakeholders understand and comply with legal requirements such as privacy regulations; four, monitoring by internal or external auditors to ensure employees are following existing controls; and five, risk assessment and management to identify and mitigate as many risks as possible.

The second framework is COBIT. The IT Governance Institute established the Control Objectives for Information Technology, or COBIT, framework to outline recommended ITGC objectives and approaches. The five key COBIT principles are: one, meeting stakeholder needs; two, covering the enterprise end-to-end; three, applying a single integrated framework; four, enabling a holistic approach; and five, separating governance from management.

The third framework is ISO. ISO 27001 is a framework related to information security and change management. ISO 27001 uses a top-down approach with six steps to attain compliance: one, define a security policy; two, define the scope of the information security management system; three, conduct a risk assessment; four, manage identified risks; five, select control objectives and controls to be implemented; and six, prepare a statement of applicability.

Without ITGCs, companies struggle with compliance, operational, and security issues. Enacting ITGCs keeps everyone on track, but developing and sustaining them is easier said than done. Fortunately, JumpCloud's capabilities make IT control management a breeze. Working from a trust nothing, verify everything principle, JumpCloud's zero trust security model allows IT teams to oversee user access to applications, files, networks, devices, and more, all from one cloud directory platform.