Talal Abu Ghazaleh Information Technology International (TAG-ITI) provided its services in IT Audit & information security to Integrated Telecom Company (ITC)

Riyadh - Talal Abu Ghazaleh Information Technology International (TAG-ITI) provided its services in IT Audit & information security to Integrated Telecom Company (ITC) .

The scope of work covered ITC's IT infrastructure and will help ensure that it is in line with internationally accepted IT security practices.

Mr. Samir Abu Rass, TAG-ITI’s Manager said that ITC has shown great confidence in our abilities to help them improve their IT security practices and infrastructure. Our work will involve independently reviewing the IT security controls they have in place and identifying areas of improvement in ITC's people, processes and technology, using techniques that anyone intending to cause malicious harm would use. This will allow us to effectively assess their IT security posture by using the latest vulnerability assessment tools and methodologies. "

He went onto say "In addition to technical vulnerability assessment of the infrastructure, ITC have also requested that we review their IT policies, procedures and IT work environment in line with best practices such as the General Computer Controls under the COBIT5 framework issued by ISACA." GCC controls cover areas within  IT departments that are audited against to ensure good practice is being followed as part of their IT governance effort . Areas that are covered within a GCC audit include:

Information Technology Controls

Change and Patch Management Controls

Managing and Auditing IT Vulnerabilities

Information Technology Outsourcing

Auditing Application Controls

Identity and Access Management

Business Continuity Management

Information Security Governance

He continued by saying "Such work is extremely valuable and helps IT teams to independently identify threats their infrastructure is exposed to. This in turn helps them to focus their IT expenditure on areas which are in most need and also provides higher management with valuable reporting from a reputable third party. IT has become like any other management domain which requires organizations to have the people, processes and technologies in place to provide proper IT governance and ensure that IT is aligned with business demands. "