A new attack involves hacking into medical records and then offering these records for sale on the black market. A medical recor
ds company in Brazil learned of this attack and has built controls into its systems to prevent hackers from accessing its systems. This is an IT application of the COSO principle of _______ and evidences _______ controls.
Considering the scenario explained in the question, it can be concluded that This is an IT application of the COSO principle of CONTROL ACTIVITIES and evidence PREVENTIVE controls.
In this case, the Control Activities which is one of the five principles of COSO (Committee of Sponsoring Organizations of the Treadway Commission) is a means of selecting and developing general control over technology, through strategies and techniques. This is what the medical records company did by building controls into its systems to prevent hackers from accessing its system.
This is an example of internal CONTROL ACTIVITIES that illustrates PREVENTIVE control against potential risks or hacks.
