System software controls refer to security measures and protocols that protect an organization's IT
infrastructure from unauthorized access, cyber threats, and system failures. Intrusion testing
(penetration testing) is a key system software control used to detect vulnerabilities in IT
environments.
Correct Answer (D - Performing Intrusion Testing on a Regular Basis)
Intrusion testing is a critical system software security measure that helps identify weaknesses in
software configurations and security defenses.
This falls under system software controls because it directly tests the security of operating systems,
applications, and network software.
The IIA’s GTAG 11: Developing IT Security Audits highlights penetration testing as a necessary control
for system software security.
Why Other Options Are Incorrect:
Option A (Restricting server room access to specific individuals):
This is a physical access control, not a system software control.
Option B (Housing servers away from environmental hazards):
This is an environmental control, focusing on disaster prevention rather than software security.
Option C (Ensuring that all user requirements are documented):
This relates to project documentation and system development; it is not a control over software
security.
IIA References for Validation:
IIA GTAG 11: Developing IT Security Audits – Recommends regular penetration testing as a system
software control.
IIA Practice Guide: Auditing IT Security – Discusses system software security measures.
Thus, D is the correct answer because intrusion testing is a core system software control ensuring
security.