UC San Diego SearchMenu

Information Technology Security

AMAS provides a relevant, timely, independent, and objective reviews of particular information systems and technology environments.

Expand all

Information Technology Security Audits (ITSA)

ITSA's are a specialized IT review to determine if the information security controls surrounding information systems are safeguarding assets, maintaining data integrity, and operating effectively to achieve the University's goals and objectives. The reviews may be performed in conjunction with a financial statement audit, internal audit, or other form of attestation engagement.

During the course of an ITSA, AMAS frequently uses a Computer Environment Internal Control Questionnaire (ICQ) for the purpose of obtaining IT information and evaluating IT business processes. This ICQ will help to determine the computing environment that exists in the department for processing administrative data and identifying the level of risk associated with that environment; whether a control structure is in place; and assess the adequacy of that control structure in relation to the risk identified.

AMAS will also use several network scanning tools to conduct vulnerability assessments as well as identify computer files that may contain confidential data. The data gathered during a network scan is then evaluated and a remediation process invoked.

Systems development projects

University policy bulletin IS-10 (PDF) defines standards for developing and maintaining computer applications used for administrative purposes.

AMAS provides advice and assistance in the identification and development of adequate system and process controls:

  • Pre-implementation: Validating design elements, controls, processing flow, documentation, etc.
  • Post-implementation: Evaluating working processes, data integrity and security, user interfaces, change control management, policy compliance.

Advisory services

AMAS participates in committees providing a disciplined approach for systems development or process re-engineering.

Policy references:

Expand all