Put simply, modern organizations run on computers connected to communications networks, primarily the internet. Therfore, each organization has inheremt risks related to managing the confidentiality, integrity, and availability of its enterprise data network, due to threats taht may arise from inside or outside the network. Some organizations have multiple, separately managed networks, for example when certain business units, subidiaries, or other affliated entities maintain separate virtual domains and physical networks.
Organizations design and implement information technology controls to ensure that information security, service availibily, and system functionality objectives are met effectively and efficiently.
For the internal audit activity to provide valuable assurance and consulting sevices, the auditors should have a reasonable understanding of the controls relevant to meeting an organization's communications needs.
This GTAG includes risk and controls relevant to the "Network" technical domain.