AUD105-2nd Edition. Auditor s Guide to IT - 20 hours. Objectives

Size: px
Start display at page:

Download "AUD105-2nd Edition. Auditor s Guide to IT - 20 hours. Objectives"

Transcription

1 AUD105-2nd Edition Auditor s Guide to IT - 20 hours Objectives More and more, auditors are being called upon to assess the risks and evaluate the controls over computer information systems in all types of organizations. However, many auditors are unfamiliar with the techniques they need to know to efficiently and effectively determine whether information systems are adequately protected. Auditor's Guide to IT Auditing presents an easy, practical guide for auditors that can be applied to all computing environments. As networks and enterprise resource planning systems bring resources together, and as increasing privacy violations threaten more organization, information systems integrity becomes more important than ever. With a complimentary student's version of the IDEA Data Analysis Software CD, Auditor's Guide to IT Auditing empowers auditors to effectively gauge the adequacy and effectiveness of information systems controls. CHAPTER 1 Technology and Audit Course Outline After completing Chapter 1, you should comprehend the following: 1. Technology and Audit 2. Batch and On-Line Systems 3. Electronic Data Interchange 4. Electronic Business 5. Cloud Computing

2 CHAPTER 2 IS Audit Function Knowledge After completing Chapter 2, you should comprehend the following: 1. Information Systems Auditing 2. What Is Management? 3. Management Process 4. Understanding the Organization s Business 5. Establishing the Needs 6. Identifying Key Activities 7. Establish Performance Objectives 8. Decide the Control Strategies 9. Implement and Monitor the Controls 10. Executive Management s Responsibility and Corporate Governance 11. Audit Role 12. Conceptual Foundation 13. Professionalism within the IS Auditing Function 14. Relationship of Internal IS Audit to the External Auditor 15. Relationship of IS Audit to Other Company Audit Activities 16. Audit Charter 17. Charter Content 18. Outsourcing the IS Audit Activity 19. Regulation, Control, and Standards CHAPTER 3 IS Risk and Fundamental Auditing Concepts After completing Chapter 3, you should comprehend the following: 1. Computer Risks and Exposures 2. Effect of Risk 3. Audit and Risk 4. Audit Evidence 5. Conducting an IT Risk Assessment Process 6. NIST SP Framework 7. ISO The "Cascarino Cube" 9. Reliability of Audit Evidence 10. Audit Evidence Procedures 11. Responsibilities for Fraud Detection and Prevention CHAPTER 4 Standards and Guidelines for IS Auditing

3 After completing Chapter 4, you should comprehend the following: 1. IIA Standards 2. Code of Ethics 3. Advisory 4. Aids 5. Standards for the Professional Performance of Internal Auditing 6. ISACA Standards 7. ISACA Code of Ethics 8. COSO: Internal Control Standards 9. BS 7799 and ISO 17799: IT Security 10. NIST 11. BSI Baselines CHAPTER 5 Internal Controls Concepts Knowledge After completing Chapter 5, you should comprehend the following: 1. Internal Controls 2. Cost/Benefit Considerations 3. Internal Control Objectives 4. Types Of Internal Controls 5. Systems of Internal Control 6. Elements of Internal Control 7. Manual and Automated Systems 8. Control Procedures 9. Application Controls 10. Control Objectives and Risks 11. General Control Objectives 12. Data and Transactions Objectives 13. Program Control Objectives 14. Corporate IT Governance 15. COSO and Information Technology 16. Governance Frameworks CHAPTER 6 Risk Management of the IS Function After completing Chapter 6, you should comprehend the following: 1. Nature of Risk 2. Risk Analysis Softward 3. Auditing in General

4 4. Elements of Risk Analysis 5. Defining the Audit Universe 6. Computer System Threats 7. Risk Management CHAPTER 7 Audit Planning Process After completing Chapter 7, you should comprehend the following: 1. Benefits of an Audit Plan 2. Structure of the Plan 3. Types of Audit CHAPTER 8 Audit Management After completing Chapter 8, you should comprehend the following: 1. Planning 2. Audit Mission 3. IS Audit Mission 4. Organization of the Function 5. Staffing 6. IT Audit as a Support Function 7. Planning 8. Business Information Systems 9. Integrated IT Auditor vs Integrated IT Audit 10. Auditees as Part of the Audit Team 11. Application Audit Tools 12. Advanced Systems 13. Specialist Auditor 14. IS Audit Quality Assurance CHAPTER 9 Audit Evidence Process After completing Chapter 9, you should comprehend the following: 1. Audit Evidence 2. Audit Evidence Procedures 3. Criteria for Success 4. Statistical Sampling 5. Why Sample?

5 6. Judgmental (or Non-Statistical) Sampling 7. Statistical Approach 8. Sampling Risk 9. Assessing Sampling Risk 10. Planning a Sampling Application 11. Calculating Sample Size 12. Quantitative Methods 13. Project Scheduling Techniques 14. Simulations 15. Computer Assisted Audit Solutions 16. Generalized Audit Software 17. Application and Industry-Related Audit Software 18. Customized Audit Software 19. Information Retrieval Software 20. Utilities 21. On-Line Inquiry 22. Conventional Programming Languages 23. Microcomputer-Based Software 24. Test Transaction Techniques CHAPTER 10 Audit Reporting Follow-up After completing Chapter 10, you should comprehend the following: 1. Audit Reporting 2. Interim Reporting 3. Closing Conferences 4. Written Reports 5. Clear Writing Techniques 6. Preparing To Write 7. Basic Audit Report 8. Executive Summary 9. Detailed Findings 10. Polishing the Report 11. Distributing the Report 12. Follow-Up Reporting 13. Types of Follow-Up Action CHAPTER 11 Management After completing Chapter 11, you should comprehend the following:

6 1. IT Infrastructures 2. Project-Based Functions 3. Quality Control 4. Operations and Production 5. Technical Services 6. Performance Measurement and Reporting 7. Measurement Implementation CHAPTER 12 - Strategic Planning After completing Chapter 12, you should comprehend the following: 1. Strategic Management Process 2. Strategic Drivers 3. New Audit Revolution 4. Leveraging IT 5. Business Process Re-Engineering Motivation 6. IT as an Enabler of Re-Engineering 7. Dangers of Change 8. System Models 9. Information Resource Management 10. Strategic Planning for IT 11. Decision Support Systems 12. Steering Committees 13. Strategic Focus 14. Auditing Strategic Planning 15. Design the Audit Procedures CHAPTER 13 - Management Issues After completing Chapter 13, you should comprehend the following: 1. Privacy 2. Copyrights, Trademarks, and Patents 3. Ethical Issues 4. Corporate Codes of Conduct 5. IT Governance 6. Sarbanes-Oxley Act 7. Payment Card Industry Data Security Standards 8. Housekeeping

7 CHAPTER 14 - Support Tools and Frameworks After completing Chapter 14, you should comprehend the following: 1. General Frameworks 2. COSO: Internal Control Standards 3. Other Standards 4. Governance Frameworks CHAPTER 15 - Governance Techniques After completing Chapter 15, you should comprehend the following: 1. Change Control 2. Problem Management 3. Auditing Change Control 4. Operational Reviews 5. Performance Measurement 6. ISO 9000 Reviews CHAPTER 16 - Information Systems Planning After completing Chapter 16, you should comprehend the following: 1. Stakeholders 2. Operations 3. Systems Development 4. Technical Support 5. Other System Users 6. Segregation of Duties 7. Personnel Practices 8. Object-Oriented Systems Analysis 9. Enterprise Resource Planning 10. Cloud Computing CHAPTER 17 - Information Management and Usage After completing Chapter 17, you should comprehend the following: 1. What Are Advanced Systems? 2. Service Delivery and Management

8 3. Computer Assisted Audit Tools and Techniques CHAPTER 18 - Development, Acquisition, and Maintenance of Information Systems After completing Chapter 18, you should comprehend the following: 1. Programming Computers 2. Program Conversions 3. No Thanks Systems Development Exposures 4. Systems Development Controls 5. Systems Development Life Cycle Control: Control Objectives 6. Micro-Based Systems 7. Cloud Computing Applications CHAPTER 19- Impact of Information Technology on the Business Processes and Solutions After completing Chapter 19, you should comprehend the following: 1. Impact 2. Continuous Monitoring 3. Business Process Outsourcing 4. E-Business CHAPTER 20 - Software Development After completing Chapter 20, you should comprehend the following: 1. Developing a System 2. Change Control 3. Why Do Systems Fail? 4. Auditor's Role in Software Development CHAPTER 21 - Audit and Control of Purchased Packages After completing Chapter 21, you should comprehend the following: 1. IT Vendors 2. Request For Information

9 3. Requirements Definition 4. Request For Proposal 5. Installation 6. Systems Maintenance 7. Systems Maintenance Review 8. Outsourcing 9. SAS 70 Reports CHAPTER 22 - Audit Role in Feasibility Studies and Conversions After completing Chapter 22, you should comprehend the following: 1. Feasibility Success Factors 2. Conversion Success Factors CHAPTER 23 - Audit and Development of Application Controls After completing Chapter 23, you should comprehend the following: 1. What Are Systems? 2. Classifying Systems 3. Controlling Systems 4. Control Stages 5. Control Objectives of Business Systems 6. General Control Objectives 7. CAATS and their Role in Business Systems Auditing 8. Common Problems 9. Audit Procedures 10. CAAT Use in Non-Computerized Areas 11. Designing an Appropriate Audit Program CHAPTER 24 - Technical Infrastructure After completing Chapter 24, you should comprehend the following: 1. Auditing the Technical Infrastructure 2. Infrastructure Changes 3. Computer Operations Controls 4. Operations Exposures 5. Operations Controls 6. Personnel Controls

10 7. Supervisory Controls 8. Information Security 9. Operations Audits CHAPTER 25 - Service Center Management After completing Chapter 25, you should comprehend the following: 1. Private Sector Preparedness (PS Prep) 2. Continuity Management and Disaster Recovery 3. Managing Service Center Change CHAPTER 26 - Information Assets Security Management After completing Chapter 26, you should comprehend the following: 1. What Is Information Systems Security? 2. Control Techniques 3. Workstation Security 4. Physical Security 5. Logical Security 6. User Authentication 7. Communications Security 8. Encryption 9. How Encryption Works 10. Encryption Weaknesses 11. Potential Encryption 12. Data Integrity 13. Double Public Key Encryption 14. Steganography 15. Information Security Policy CHAPTER 27 - Logical Information Technology Security After completing Chapter 27, you should comprehend the following: 1. Computer Operating Systems 2. Tailoring the Operating System 3. Auditing the Operating System 4. Security 5. Criteria

11 6. Security Systems: Resource Access Control Facility 7. Auditing RACF 8. Access Control Facility 2 9. Top Secret 10. User Authentication 11. Bypass Mechanisms 12. Security Testing Methodologies CHAPTER 28 - Applied Information Technology Security After completing Chapter 28, you should comprehend the following: 1. Communications and Network Security 2. Network Protection 3. Hardening the Operating Environment 4. Client Server and Other Environments 5. Firewalls and Other Protection Resources 6. Intrusion Detection Systems CHAPTER 29 - Physical and Environmental Security After completing Chapter 29, you should comprehend the following: 1. Control Mechanisms 2. Implementing the Controls CHAPTER 30 - Protection of the Information Technology Architecture and Assets: Disaster Recovery Planning After completing Chapter 30, you should comprehend the following: 1. Risk Reassessment 2. Disaster Before and After 3. Consequences of Disruption 4. Where to Start 5. Testing the Plan 6. Auditing the Plan CHAPTER 31 Insurance

12 After completing Chapter 31, you should comprehend the following: 1. Insurance 2. Self-Insurance CHAPTER 32 - Auditing E-commerce Systems After completing Chapter 32, you should comprehend the following: 1. E-Commerce and Electronic Data Interchange: What Is It? 2. Opportunities and Threats 3. Risk Factors 4. Threat List 5. Security Technology 6. "Layer" Concept 7. Authentication 8. Encryption 9. Trading Partner Agreements 10. Risks and Controls within EDI and E-Commerce 11. E-Commerce and Auditability 12. Compliance Auditing 13. E-Commerce Audit Approach 14. Audit Tools and Techniques 15. Auditing Security Control Structures 16. Computer Assisted Audit Techniques CHAPTER 33 - Auditing UNIX/Linux After completing Chapter 33, you should comprehend the following: 1. History 2. Security and Control in a UNIX/Linux System 3. Architecture 4. UNIX Security 5. Services 6. Daemons 7. Auditing UNIX 8. Scrutiny of Logs 9. Audit Tools in the Public Domain 10. UNIX password File 11. Auditing UNIX Passwords

13 CHAPTER 34 - Auditing Windows After completing Chapter 34, you should comprehend the following: 1. History 2. NT and Its Derivatives 3. Auditing Windows Vista/Windows 7 4. Password Protection 5. VISTA/Windows 7 6. Security Checklist CHAPTER 35 - Foiling the System Hackers After completing Chapter 35, you should comprehend the following: 1. Foiling the system hackers CHAPTER 36 - Investigating Information Technology Fraud After completing Chapter 36, you should comprehend the following: 1. Preventing Fraud 2. Investigation 3. Identity Theft

Table of Contents. Auditor's Guide to Information Systems Auditing Richard E. Cascarino Copyright 2007, John Wiley & Sons, Inc.

Table of Contents. Auditor's Guide to Information Systems Auditing Richard E. Cascarino Copyright 2007, John Wiley & Sons, Inc. Table of Contents PART I. IS Audit Process. CHAPTER 1. Technology and Audit. Technology and Audit. Batch and On-Line Systems. CHAPTER 2. IS Audit Function Knowledge. Information Systems Auditing. What

More information

Altius IT Policy Collection Compliance and Standards Matrix

Altius IT Policy Collection Compliance and Standards Matrix Governance IT Governance Policy Mergers and Acquisitions Policy Terms and Definitions Policy 164.308 12.4 12.5 EDM01 EDM02 EDM03 Information Security Privacy Policy Securing Information Systems Policy

More information

Certified Information Systems Auditor (CISA)

Certified Information Systems Auditor (CISA) Certified Information Systems Auditor (CISA) Course Introduction Course Introduction Module 01 - The Process of Auditing Information Systems Lesson 1: Management of the Audit Function Organization of the

More information

3rd Party Assurance & Information Governance 2014-2016 outlook IIA Ireland Annual Conference 2014. Straightforward Security and Compliance

3rd Party Assurance & Information Governance 2014-2016 outlook IIA Ireland Annual Conference 2014. Straightforward Security and Compliance 3rd Party Assurance & Information Governance 2014-2016 outlook IIA Ireland Annual Conference 2014 Continuous Education Services (elearning/workshops) Compliance Management Portals Information Security

More information

IT General Controls Domain COBIT Domain Control Objective Control Activity Test Plan Test of Controls Results

IT General Controls Domain COBIT Domain Control Objective Control Activity Test Plan Test of Controls Results Acquire or develop application systems software Controls provide reasonable assurance that application and system software is acquired or developed that effectively supports financial reporting requirements.

More information

Rajan R. Pant Controller Office of Controller of Certification Ministry of Science & Technology rajan@cca.gov.np

Rajan R. Pant Controller Office of Controller of Certification Ministry of Science & Technology rajan@cca.gov.np Rajan R. Pant Controller Office of Controller of Certification Ministry of Science & Technology rajan@cca.gov.np Meaning Why is Security Audit Important Framework Audit Process Auditing Application Security

More information

LeRoy Budnik, Knowledge Transfer

LeRoy Budnik, Knowledge Transfer Preparing for a Storage Security Audit LeRoy Budnik, Knowledge Transfer SNIA Legal Notice The material contained in this tutorial is copyrighted by the SNIA and is subject to other copyrights 1. Member

More information

Office of the Auditor General Performance Audit Report. Statewide UNIX Security Controls Department of Technology, Management, and Budget

Office of the Auditor General Performance Audit Report. Statewide UNIX Security Controls Department of Technology, Management, and Budget Office of the Auditor General Performance Audit Report Statewide UNIX Security Controls Department of Technology, Management, and Budget December 2015 State of Michigan Auditor General Doug A. Ringler,

More information

Introduction Auditing Internal Controls in an IT Environment SOx and the COSO Internal Controls Framework Roles and Responsibilities of IT Auditors

Introduction Auditing Internal Controls in an IT Environment SOx and the COSO Internal Controls Framework Roles and Responsibilities of IT Auditors Introduction Auditing Internal Controls in an IT Environment SOx and the COSO Internal Controls Framework Roles and Responsibilities of IT Auditors Importance of Effective Internal Controls and COSO COSO

More information

CISA TIMETABLE (4 DAYS)

CISA TIMETABLE (4 DAYS) CISA TIMETABLE (4 DAYS) ISACA-CISA Day 1 9.00 9.30 Welcome, Introductions, Coffee 9.30 11.00 About the CISA Exam Domain 1 - The Process of Auditing Information Systems Auditing Types of Audits Audit Methodology

More information

Securing the Service Desk in the Cloud

Securing the Service Desk in the Cloud TECHNICAL WHITE PAPER Securing the Service Desk in the Cloud BMC s Security Strategy for ITSM in the SaaS Environment Introduction Faced with a growing number of regulatory, corporate, and industry requirements,

More information

IT Best Practices Audit TCS offers a wide range of IT Best Practices Audit content covering 15 subjects and over 2200 topics, including:

IT Best Practices Audit TCS offers a wide range of IT Best Practices Audit content covering 15 subjects and over 2200 topics, including: IT Best Practices Audit TCS offers a wide range of IT Best Practices Audit content covering 15 subjects and over 2200 topics, including: 1. IT Cost Containment 84 topics 2. Cloud Computing Readiness 225

More information

(Instructor-led; 3 Days)

(Instructor-led; 3 Days) Information Security Manager: Architecture, Planning, and Governance (Instructor-led; 3 Days) Module I. Information Security Governance A. Introduction to Information Security Governance B. Overview of

More information

Impact of New Internal Control Frameworks

Impact of New Internal Control Frameworks Impact of New Internal Control Frameworks Webcast: Tuesday, February 25, 2014 CPE Credit: 1 0 With You Today Bob Jacobson Principal, Risk Advisory Services Consulting Leader West Region Bob.Jacobson@mcgladrey.com

More information

Domain 5 Information Security Governance and Risk Management

Domain 5 Information Security Governance and Risk Management Domain 5 Information Security Governance and Risk Management Security Frameworks CobiT (Control Objectives for Information and related Technology), developed by Information Systems Audit and Control Association

More information

The Information Systems Audit

The Information Systems Audit November 25, 2009 e q 1 Institute of of Pakistan ICAP Auditorium, Karachi Sajid H. Khan Executive Director Technology and Security Risk Services e q 2 IS Environment Back Office Batch Apps MIS Online Integrated

More information

Compliance Guide ISO 27002. Compliance Guide. September 2015. Contents. Introduction 1. Detailed Controls Mapping 2.

Compliance Guide ISO 27002. Compliance Guide. September 2015. Contents. Introduction 1. Detailed Controls Mapping 2. ISO 27002 Compliance Guide September 2015 Contents Compliance Guide 01 02 03 Introduction 1 Detailed Controls Mapping 2 About Rapid7 7 01 INTRODUCTION If you re looking for a comprehensive, global framework

More information

Encyclopedia of Information Assurance Suggested Titles: March 25, 2013 The following titles have not been contracted.

Encyclopedia of Information Assurance Suggested Titles: March 25, 2013 The following titles have not been contracted. Encyclopedia of Information Assurance Suggested Titles: March 25, 2013 The following titles have not been contracted. Administrative Awareness Case Study: Government Offices Certification and Accreditation:

More information

Chapter 1 The Principles of Auditing 1

Chapter 1 The Principles of Auditing 1 Chapter 1 The Principles of Auditing 1 Security Fundamentals: The Five Pillars Assessment Prevention Detection Reaction Recovery Building a Security Program Policy Procedures Standards Security Controls

More information

ACCOUNTING INFORMATION SYSTEMS

ACCOUNTING INFORMATION SYSTEMS ACCOUNTING INFORMATION SYSTEMS Controls and Processes SECOND EDITION LESLIE TURIHIER WILEY MODULE 1 Introduction to AIS INTRODUCTION Defines business processes, AIS, and all foundational concepts.

More information

CORE CONCEPTS OF. Thirteenth Edition. Mark G. Simkin, PhD. Professor Department of Information Systems University of Nevada

CORE CONCEPTS OF. Thirteenth Edition. Mark G. Simkin, PhD. Professor Department of Information Systems University of Nevada CORE CONCEPTS OF Accounting Information Systems Thirteenth Edition Mark G. Simkin, PhD. Professor Department of Information Systems University of Nevada Jacob M. Rose, Ph D. Trustee Professor Department

More information

Domain 1 The Process of Auditing Information Systems

Domain 1 The Process of Auditing Information Systems Certified Information Systems Auditor (CISA ) Certification Course Description Our 5-day ISACA Certified Information Systems Auditor (CISA) training course equips information professionals with the knowledge

More information

Information Technology General Controls And Best Practices

Information Technology General Controls And Best Practices Paul M. Perry, FHFMA, CITP, CPA Alabama CyberNow Conference April 5, 2016 Information Technology General Controls And Best Practices 1. IT General Controls - Why? 2. IT General Control Objectives 3. Documentation

More information

Security Controls What Works. Southside Virginia Community College: Security Awareness

Security Controls What Works. Southside Virginia Community College: Security Awareness Security Controls What Works Southside Virginia Community College: Security Awareness Session Overview Identification of Information Security Drivers Identification of Regulations and Acts Introduction

More information

INFORMATION SECURITY MANAGEMENT SYSTEM. Version 1c

INFORMATION SECURITY MANAGEMENT SYSTEM. Version 1c INFORMATION SECURITY MANAGEMENT SYSTEM Version 1c Revised April 2011 CONTENTS Introduction... 5 1 Security Policy... 7 1.1 Information Security Policy... 7 1.2 Scope 2 Security Organisation... 8 2.1 Information

More information

State of Oregon. State of Oregon 1

State of Oregon. State of Oregon 1 State of Oregon State of Oregon 1 Table of Contents 1. Introduction...1 2. Information Asset Management...2 3. Communication Operations...7 3.3 Workstation Management... 7 3.9 Log management... 11 4. Information

More information

BMC s Security Strategy for ITSM in the SaaS Environment

BMC s Security Strategy for ITSM in the SaaS Environment BMC s Security Strategy for ITSM in the SaaS Environment TABLE OF CONTENTS Introduction... 3 Data Security... 4 Secure Backup... 6 Administrative Access... 6 Patching Processes... 6 Security Certifications...

More information

Information Technology General Controls Review (ITGC) Audit Program Prepared by:

Information Technology General Controls Review (ITGC) Audit Program Prepared by: Information Technology General Controls Review (ITGC) Audit Program Date Prepared: 2012 Internal Audit Work Plan Objective: IT General Controls (ITGC) address the overall operation and activities of the

More information

Office of Inspector General

Office of Inspector General DEPARTMENT OF HOMELAND SECURITY Office of Inspector General Security Weaknesses Increase Risks to Critical United States Secret Service Database (Redacted) Notice: The Department of Homeland Security,

More information

Information Security Policy

Information Security Policy Information Security Policy Steve R. Hutchens, CISSP EDS, Global Leader, Homeland Security Agenda Security Architecture Threats and Vulnerabilities Design Considerations Information Security Policy Current

More information

Developing the Corporate Security Architecture. www.avient.ca Alex Woda July 22, 2009

Developing the Corporate Security Architecture. www.avient.ca Alex Woda July 22, 2009 Developing the Corporate Security Architecture www.avient.ca Alex Woda July 22, 2009 Avient Solutions Group Avient Solutions Group is based in Markham and is a professional services firm specializing in

More information

Enterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006

Enterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006 Enterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006 April 2013 Hologic and the Hologic Logo are trademarks or registered trademarks of Hologic, Inc. Microsoft, Active Directory,

More information

IT Audit- Hospital Risks, Controls and Audit. AHIA Conference. Grant Thornton LLP. All rights reserved.

IT Audit- Hospital Risks, Controls and Audit. AHIA Conference. Grant Thornton LLP. All rights reserved. IT Audit- Hospital Risks, Controls and Audit Approaches AHIA Conference Grant Thornton LLP. All rights reserved. Agenda risk and organizational exposure understanding gyour information technology environment

More information

ELEVENTH EDITION. Brigham Young University. Arizona State University. Pearson Education International

ELEVENTH EDITION. Brigham Young University. Arizona State University. Pearson Education International ELEVENTH EDITION \ Brigham Young University Arizona State University Pearson Education International :id j - EF CONTENTS Parti Conceptual Foundations of Accounting Information Systems 23 CHAPTER 1 Accounting

More information

Information Security Program CHARTER

Information Security Program CHARTER State of Louisiana Information Security Program CHARTER Date Published: 12, 09, 2015 Contents Executive Sponsors... 3 Program Owner... 3 Introduction... 4 Statewide Information Security Strategy... 4 Information

More information

IT Architecture Review. ISACA Conference Fall 2003

IT Architecture Review. ISACA Conference Fall 2003 IT Architecture Review ISACA Conference Fall 2003 Table of Contents Introduction Business Drivers Overview of Tiered Architecture IT Architecture Review Why review IT architecture How to conduct IT architecture

More information

Agenda 3/7/2011. 2011 ERM Symposium March 14 16, 2011. Continuous Controls Monitoring. I. Changes In Corporate Environment

Agenda 3/7/2011. 2011 ERM Symposium March 14 16, 2011. Continuous Controls Monitoring. I. Changes In Corporate Environment 2011 ERM Symposium March 14 16, 2011 Continuous Controls Monitoring Futuristic Approach to Enterprise Risk Management Swissotel, Chicago, Chicago IL. Speakers: Syed M. Ali Alan Ash Sr. Audit Manager, Director

More information

Security from a customer s perspective. Halogen s approach to security

Security from a customer s perspective. Halogen s approach to security September 18, 2015 Security from a customer s perspective Using a cloud-based talent management program can deliver tremendous benefits to your organization, including aligning your workforce, improving

More information

Network and Security Controls

Network and Security Controls Network and Security Controls State Of Arizona Office Of The Auditor General Phil Hanus IT Controls Webinar Series Part I Overview of IT Controls and Best Practices Part II Identifying Users and Limiting

More information

PREPARED BY: AUDIT PROGRAM Author: Lance M. Turcato. APPROVED BY: Logical Security Operating Systems - Generic. Audit Date:

PREPARED BY: AUDIT PROGRAM Author: Lance M. Turcato. APPROVED BY: Logical Security Operating Systems - Generic. Audit Date: A SYSTEMS UNDERSTANDING A 1.0 Organization Objective: To ensure that the audit team has a clear understanding of the delineation of responsibilities for system administration and maintenance. A 1.1 Determine

More information

Introduction to Cyber Security / Information Security

Introduction to Cyber Security / Information Security Introduction to Cyber Security / Information Security Syllabus for Introduction to Cyber Security / Information Security program * for students of University of Pune is given below. The program will be

More information

Supporting information technology risk management

Supporting information technology risk management IBM Global Technology Services Thought Leadership White Paper October 2011 Supporting information technology risk management It takes an entire organization 2 Supporting information technology risk management

More information

Cybersecurity The role of Internal Audit

Cybersecurity The role of Internal Audit Cybersecurity The role of Internal Audit Cyber risk High on the agenda Audit committees and board members are seeing cybersecurity as a top risk, underscored by recent headlines and increased government

More information

Vendor Audit Questionnaire

Vendor Audit Questionnaire Vendor Audit Questionnaire The following questionnaire should be completed as thoroughly as possible. When information cannot be provided it should be noted why it cannot be provided. Information may be

More information

SANJEEV GOEL Freelance Trainer. IT Telecom Management Soft Skills

SANJEEV GOEL Freelance Trainer. IT Telecom Management Soft Skills TRAINING COURSES & WORKSHOPS - INFORMATION TECHNOLOGY ( IT ) CORPORATE IT STRATEGIES e-businss STRATEGIES MASTER DATA MANAGEMENT ( MDM ) BUSINESS INTELLIGENCE ( DATA WAREHOUSING & MINING ) IT AUDITING

More information

i) Question Type The following are guidelines on the type of questions and their approximate weightings:

i) Question Type The following are guidelines on the type of questions and their approximate weightings: Purpose Information Systems Strategy [MS2] Examination Blueprint 2014/2015 The Information Systems Strategy [MS2] examination has been constructed using an examination blueprint. The blueprint, also referred

More information

IBM Connections Cloud Security

IBM Connections Cloud Security IBM Connections White Paper September 2014 IBM Connections Cloud Security 2 IBM Connections Cloud Security Contents 3 Introduction 4 Security-rich Infrastructure 6 Policy Enforcement Points Provide Application

More information

NSERC SSHRC AUDIT OF IT SECURITY Corporate Internal Audit Division

NSERC SSHRC AUDIT OF IT SECURITY Corporate Internal Audit Division AUDIT OF IT SECURITY Corporate Internal Audit Division Natural Sciences and Engineering Research Council of Canada Social Sciences and Humanities Research Council of Canada September 20, 2012 Corporate

More information

Information Security Handbook

Information Security Handbook Information Security Handbook Adopted 6/4/14 Page 0 Page 1 1. Introduction... 5 1.1. Executive Summary... 5 1.2. Governance... 5 1.3. Scope and Application... 5 1.4. Biennial Review... 5 2. Definitions...

More information

SAP Secure Operations Map. SAP Active Global Support Security Services May 2015

SAP Secure Operations Map. SAP Active Global Support Security Services May 2015 SAP Secure Operations Map SAP Active Global Support Security Services May 2015 SAP Secure Operations Map Security Compliance Security Governance Audit Cloud Security Emergency Concept Secure Operation

More information

ISO 27001 Controls and Objectives

ISO 27001 Controls and Objectives ISO 27001 s and Objectives A.5 Security policy A.5.1 Information security policy Objective: To provide management direction and support for information security in accordance with business requirements

More information

PRACTICE NOTE 1013 ELECTRONIC COMMERCE - EFFECT ON THE AUDIT OF FINANCIAL STATEMENTS

PRACTICE NOTE 1013 ELECTRONIC COMMERCE - EFFECT ON THE AUDIT OF FINANCIAL STATEMENTS PRACTICE NOTE 1013 ELECTRONIC COMMERCE - EFFECT ON THE AUDIT OF FINANCIAL STATEMENTS (Issued December 2003; revised September 2004 (name change)) PN 1013 (September 04) PN 1013 (December 03) Contents Paragraphs

More information

TABLE OF CONTENTS INTRODUCTION... 1

TABLE OF CONTENTS INTRODUCTION... 1 TABLE OF CONTENTS INTRODUCTION... 1 Overview...1 Coordination with GLBA Section 501(b)...2 Security Objectives...2 Regulatory Guidance, Resources, and Standards...3 SECURITY PROCESS... 4 Overview...4 Governance...5

More information

High Value Audits: An Update on Information Technology Auditing. Robert B. Hirth Jr., Managing Director

High Value Audits: An Update on Information Technology Auditing. Robert B. Hirth Jr., Managing Director High Value Audits: An Update on Information Technology Auditing Robert B. Hirth Jr., Managing Director The technology landscape and its impact on internal audit Technology is playing an ever-growing role

More information

GEARS Cyber-Security Services

GEARS Cyber-Security Services Florida Department of Management Services Division of State Purchasing Table of Contents Introduction... 1 About GEARS... 2 1. Pre-Incident Services... 3 1.1 Incident Response Agreements... 3 1.2 Assessments

More information

IT Governance Dr. Michael Shaw Term Project

IT Governance Dr. Michael Shaw Term Project IT Governance Dr. Michael Shaw Term Project IT Auditing Framework and Issues Dealing with Regulatory and Compliance Issues Submitted by: Gajin Tsai gtsai2@uiuc.edu May 3 rd, 2007 1 Table of Contents: Abstract...3

More information

micros MICROS Systems, Inc. Enterprise Information Security Policy (MEIP) August, 2013 Revision 8.0 MICROS Systems, Inc. Version 8.

micros MICROS Systems, Inc. Enterprise Information Security Policy (MEIP) August, 2013 Revision 8.0 MICROS Systems, Inc. Version 8. micros MICROS Systems, Inc. Enterprise Information Security Policy (MEIP) Revision 8.0 August, 2013 1 Table of Contents Overview /Standards: I. Information Security Policy/Standards Preface...5 I.1 Purpose....5

More information

Cyber Resilience Implementing the Right Strategy. Grant Brown Security specialist, CISSP @TheGrantBrown

Cyber Resilience Implementing the Right Strategy. Grant Brown Security specialist, CISSP @TheGrantBrown Cyber Resilience Implementing the Right Strategy Grant Brown specialist, CISSP @TheGrantBrown 1 2 Network + Technology + Customers = $$ 3 Perfect Storm? 1) Increase in Bandwidth (extended reach) 2) Available

More information

ISO27001 Controls and Objectives

ISO27001 Controls and Objectives Introduction This reference document for the University of Birmingham lists the control objectives, specific controls and background information, as given in Annex A to ISO/IEC 27001:2005. As such, the

More information

External Penetration Assessment and Database Access Review

External Penetration Assessment and Database Access Review External Penetration Assessment and Database Access Review Performed by Protiviti, Inc. At the request of Internal Audit April 25, 2012 Note: This presentation is intended solely for the use of the management

More information

^H 3RD EDITION ITGOVERNANCE A MANAGER'S GUIOE TO OATA SECURITY ANO DS 7799/IS017799 ALAN CALDER STEVE WATKINS. KOGAN PAGE London and Sterling, VA

^H 3RD EDITION ITGOVERNANCE A MANAGER'S GUIOE TO OATA SECURITY ANO DS 7799/IS017799 ALAN CALDER STEVE WATKINS. KOGAN PAGE London and Sterling, VA ^H 3RD EDITION ITGOVERNANCE A MANAGER'S GUIOE TO OATA SECURITY ANO DS 7799/IS017799 ALAN CALDER STEVE WATKINS KOGAN PAGE London and Sterling, VA Contents Foreword by Nigel Turnbull How to use this book

More information

The Importance of IT Controls to Sarbanes-Oxley Compliance

The Importance of IT Controls to Sarbanes-Oxley Compliance Hosted by Deloitte, PricewaterhouseCoopers and ISACA/ITGI The Importance of IT Controls to Sarbanes-Oxley Compliance 15 December 2003 1 Presenters Chris Fox, CA Sr. Manager, Internal Audit Services PricewaterhouseCoopers

More information

HP business controls solutions. Reducing operational risks while gaining the benefits of outsourcing

HP business controls solutions. Reducing operational risks while gaining the benefits of outsourcing HP business controls solutions Reducing operational risks while gaining the benefits of outsourcing There are signs that outsourcing and offshoring is being applied to business areas higher up the value

More information

ISO 27001 COMPLIANCE WITH OBSERVEIT

ISO 27001 COMPLIANCE WITH OBSERVEIT ISO 27001 COMPLIANCE WITH OBSERVEIT OVERVIEW ISO/IEC 27001 is a framework of policies and procedures that include all legal, physical and technical controls involved in an organization s information risk

More information

FIREWALL CHECKLIST. Pre Audit Checklist. 2. Obtain the Internet Policy, Standards, and Procedures relevant to the firewall review.

FIREWALL CHECKLIST. Pre Audit Checklist. 2. Obtain the Internet Policy, Standards, and Procedures relevant to the firewall review. 1. Obtain previous workpapers/audit reports. FIREWALL CHECKLIST Pre Audit Checklist 2. Obtain the Internet Policy, Standards, and Procedures relevant to the firewall review. 3. Obtain current network diagrams

More information

Mission Assurance and Security Services

Mission Assurance and Security Services Mission Assurance and Security Services Dan Galik, Chief Federation of Tax Administrators Computer Security Officer Conference March 2007 Security, privacy and emergency preparedness issues are front page

More information

ISACA PROFESSIONAL RESOURCES

ISACA PROFESSIONAL RESOURCES ISACA PROFESSIONAL RESOURCES SEGREGATION OF DUTIES WITHIN INFORMATION SYSTEMS This is an excerpt from the CISA Review Manual 2005 Chapter 2 - Management, Planning and Organization of IS CISA Review Manual

More information

Approach to Information Security Architecture. Kaapro Kanto Chief Architect, Security and Privacy TeliaSonera

Approach to Information Security Architecture. Kaapro Kanto Chief Architect, Security and Privacy TeliaSonera Approach to Information Security Architecture Kaapro Kanto Chief Architect, Security and Privacy TeliaSonera About TeliaSonera TeliaSonera provides network access and telecommunication services that help

More information

CISM ITEM DEVELOPMENT GUIDE

CISM ITEM DEVELOPMENT GUIDE CISM ITEM DEVELOPMENT GUIDE TABLE OF CONTENTS CISM ITEM DEVELOPMENT GUIDE Content Page Purpose of the CISM Item Development Guide 2 CISM Exam Structure 2 Item Writing Campaigns 2 Why Participate as a CISM

More information

FORM 20A.9 SAMPLE AUDIT PROGRAM FOR TESTING IT CONTROLS. Date(s) Completed. Workpaper Reference

FORM 20A.9 SAMPLE AUDIT PROGRAM FOR TESTING IT CONTROLS. Date(s) Completed. Workpaper Reference FORM 20A.9 SAMPLE AUDIT PROGRAM FOR TESTING IT CONTROLS Workpaper Reference Date(s) Completed Organization and Staffing procedures used to define the organization of the IT Department. 2. Review the organization

More information

INTERNATIONAL AUDITING PRACTICE STATEMENT 1013 ELECTRONIC COMMERCE EFFECT ON THE AUDIT OF FINANCIAL STATEMENTS

INTERNATIONAL AUDITING PRACTICE STATEMENT 1013 ELECTRONIC COMMERCE EFFECT ON THE AUDIT OF FINANCIAL STATEMENTS INTERNATIONAL PRACTICE STATEMENT 1013 ELECTRONIC COMMERCE EFFECT ON THE AUDIT OF FINANCIAL STATEMENTS (This Statement is effective) CONTENTS Paragraph Introduction... 1 5 Skills and Knowledge... 6 7 Knowledge

More information

Designing & Implementing. Programs. MBA Bank Expo 2012 April 11, 2012

Designing & Implementing. Programs. MBA Bank Expo 2012 April 11, 2012 Designing & Implementing Enterprise Security Programs MBA Bank Expo 2012 April 11, 2012 Session Purpose G R O U P Premise: Security is institutionalized, but the enterprise is evolving. the enterprise

More information

INFORMATION SYSTEM AUDITING AND ASSURANCE

INFORMATION SYSTEM AUDITING AND ASSURANCE CHAPTER INFORMATION SYSTEM AUDITING AND ASSURANCE As more and more accounting and business systems were automated, it became more and more evident that the field of auditing had to change. As the systems

More information

Cloud Services Overview

Cloud Services Overview Cloud Services Overview John Hankins Global Offering Executive Ricoh Production Print Solutions May 23, 2012 Cloud Services Agenda Definitions Types of Clouds The Role of Virtualization Cloud Architecture

More information

REGULATIONS FOR THE SECURITY OF INTERNET BANKING

REGULATIONS FOR THE SECURITY OF INTERNET BANKING REGULATIONS FOR THE SECURITY OF INTERNET BANKING PAYMENT SYSTEMS DEPARTMENT STATE BANK OF PAKISTAN Table of Contents PREFACE... 3 DEFINITIONS... 4 1. SCOPE OF THE REGULATIONS... 6 2. INTERNET BANKING SECURITY

More information

Infor CloudSuite. Defense-in-depth. Table of Contents. Technical Paper Plain talk about Infor CloudSuite security

Infor CloudSuite. Defense-in-depth. Table of Contents. Technical Paper Plain talk about Infor CloudSuite security Technical Paper Plain talk about security When it comes to Cloud deployment, security is top of mind for all concerned. The Infor CloudSuite team uses best-practice protocols and a thorough, continuous

More information

IT AUDIT WHO WE ARE. Current Trends and Top Risks of 2015 10/9/2015. Eric Vyverberg. Randy Armknecht. David Kupinski

IT AUDIT WHO WE ARE. Current Trends and Top Risks of 2015 10/9/2015. Eric Vyverberg. Randy Armknecht. David Kupinski IT AUDIT Current Trends and Top Risks of 2015 2 02 Eric Vyverberg WHO WE ARE David Kupinski Randy Armknecht Associate Director Internal Audit Protiviti 317.510.4661 eric.vyverberg@protiviti.com Managing

More information

An Overview of Information Security Frameworks. Presented to TIF September 25, 2013

An Overview of Information Security Frameworks. Presented to TIF September 25, 2013 An Overview of Information Security Frameworks Presented to TIF September 25, 2013 What is a framework? A framework helps define an approach to implementing, maintaining, monitoring, and improving information

More information

Internet Banking Internal Control Questionnaire

Internet Banking Internal Control Questionnaire Internet Banking Internal Control Questionnaire Completed by: Date Completed: 1. Has the institution developed and implemented a sound system of internal controls over Internet banking technology and systems?

More information

Compliance. Review. Our Compliance Review is based on an in-depth analysis and evaluation of your organization's:

Compliance. Review. Our Compliance Review is based on an in-depth analysis and evaluation of your organization's: Security.01 Penetration Testing.02 Compliance Review.03 Application Security Audit.04 Social Engineering.05 Security Outsourcing.06 Security Consulting.07 Security Policy and Program.08 Training Services

More information

Trends in Information Technology (IT) Auditing

Trends in Information Technology (IT) Auditing Trends in Information Technology (IT) Auditing Padma Kumar Audit Officer May 21, 2015 Discussion Topics Common and Emerging IT Risks Trends in IT Auditing IT Audit Frameworks & Standards IT Audit Plan

More information

This is a preview - click here to buy the full publication

This is a preview - click here to buy the full publication TECHNICAL REPORT IEC/TR 62443-3-1 Edition 1.0 2009-07 colour inside Industrial communication networks Network and system security Part 3 1: Security technologies for industrial automation and control systems

More information

Healthcare Compliance Solutions

Healthcare Compliance Solutions Privacy Compliance Healthcare Compliance Solutions Trust and privacy are essential for building meaningful human relationships. Let Protected Trust be your Safe Harbor The U.S. Department of Health and

More information

Security Challenges of Cloud Providers ( Wie baue ich sichere Luftschlösser in den Wolken )

Security Challenges of Cloud Providers ( Wie baue ich sichere Luftschlösser in den Wolken ) 23.11.2015 Jan Philipp Manager, Cyber Risk Services Enterprise Architect Security Challenges of Cloud Providers ( Wie baue ich sichere Luftschlösser in den Wolken ) Purpose today Introduction» Who I am

More information

Information Security Risk Assessment Checklist. A High-Level Tool to Assist USG Institutions with Risk Analysis

Information Security Risk Assessment Checklist. A High-Level Tool to Assist USG Institutions with Risk Analysis Information Security Risk Assessment Checklist A High-Level Tool to Assist USG Institutions with Risk Analysis Updated Oct 2008 Introduction Information security is an important issue for the University

More information

Stepping Through the Info Security Program. Jennifer Bayuk, CISA, CISM

Stepping Through the Info Security Program. Jennifer Bayuk, CISA, CISM Stepping Through the Info Security Program Jennifer Bayuk, CISA, CISM Infosec Program How to: compose an InfoSec Program cement a relationship between InfoSec program and IT Governance design roles and

More information

Office of the Auditor General Performance Audit Report. Statewide Oracle Database Controls Department of Technology, Management, and Budget

Office of the Auditor General Performance Audit Report. Statewide Oracle Database Controls Department of Technology, Management, and Budget Office of the Auditor General Performance Audit Report Statewide Oracle Database Controls Department of Technology, Management, and Budget March 2015 071-0565-14 State of Michigan Auditor General Doug

More information

SENIOR INFORMATION SYSTEMS MANAGER

SENIOR INFORMATION SYSTEMS MANAGER CITY OF PORTLAND Multiple SENIOR INFORMATION SYSTEMS MANAGER FLSA Status: Union Representation: Exempt Nonrepresented DEFINITION To plan, manage, supervise and coordinate information systems activities

More information

PRIVACY OF CONSUMERS' FINANCIAL INFORMATION PART 12 501(b) AND BANK MANAGEMENT

PRIVACY OF CONSUMERS' FINANCIAL INFORMATION PART 12 501(b) AND BANK MANAGEMENT PRIVACY OF CONSUMERS' FINANCIAL INFORMATION PART 12 501(b) AND BANK MANAGEMENT RESOURCES PROVIDED THROUGH APRIL 2001 Slides Narration In the last presentation, you learned about some of the general responsibilities

More information

Vendor Risk Management Financial Organizations

Vendor Risk Management Financial Organizations Webinar Series Vendor Risk Management Financial Organizations Bob Justus Chief Security Officer Allgress Randy Potts Managing Consultant FishNet Security Bob Justus Chief Security Officer, Allgress Current

More information

Digi Device Cloud: Security You Can Trust

Digi Device Cloud: Security You Can Trust Digi Device Cloud: Security You Can Trust Abstract Historically, security has oftentimes been an afterthought or a bolt-on to any engineering product. In today s markets, however, security is taking a

More information

ISACA rudens konference

ISACA rudens konference ISACA rudens konference 8 Novembris 2012 Procesa kontroles sistēmu drošība Andris Lauciņš Ievads Kāpēc tēma par procesa kontroles sistēmām? Statistics on incidents Reality of the environment of industrial

More information

PROCEDURE FOR SECURITY RISK MANAGEMENT IN PPC S.A. INFORMATION TECHNOLOGY SYSTEMS DA-1

PROCEDURE FOR SECURITY RISK MANAGEMENT IN PPC S.A. INFORMATION TECHNOLOGY SYSTEMS DA-1 PUBLIC POWER CORPORATION S.A. INFORMATION TECHNOLOGY DIVISION CENTRAL SYSTEMS SUPPORT SECTION IT SYSTEMS SECURITY SUBSECTION PROCEDURE FOR SECURITY RISK MANAGEMENT IN PPC S.A. INFORMATION TECHNOLOGY SYSTEMS

More information

Information security controls. Briefing for clients on Experian information security controls

Information security controls. Briefing for clients on Experian information security controls Information security controls Briefing for clients on Experian information security controls Introduction Security sits at the core of Experian s operations. The vast majority of modern organisations face

More information

DIVISION OF INFORMATION SECURITY (DIS) Information Security Policy IT Risk Strategy V0.1 April 21, 2014

DIVISION OF INFORMATION SECURITY (DIS) Information Security Policy IT Risk Strategy V0.1 April 21, 2014 DIVISION OF INFORMATION SECURITY (DIS) Information Security Policy IT Risk Strategy V0.1 April 21, 2014 Revision History Update this table every time a new edition of the document is published Date Authored

More information

Information Technology Branch Access Control Technical Standard

Information Technology Branch Access Control Technical Standard Information Technology Branch Access Control Technical Standard Information Management, Administrative Directive A1461 Cyber Security Technical Standard # 5 November 20, 2014 Approved: Date: November 20,

More information

08/10/2013. Data protection and compliance. Agenda. Data protection life cycle and goals. Introduction. Data protection overview

08/10/2013. Data protection and compliance. Agenda. Data protection life cycle and goals. Introduction. Data protection overview Data protection and compliance In the cloud and in your data center 1 November 2013 Agenda 1 Introduction 2 Data protection overview 3 Understanding the cloud 4 Where do I start? 5 Wrap-up Page 2 Data

More information

Application Development within University. Security Checklist

Application Development within University. Security Checklist Application Development within University Security Checklist April 2011 The Application Development using data from the University Enterprise Systems or application Development for departmental use security

More information

Internal Control Deliverables. For. System Development Projects

Internal Control Deliverables. For. System Development Projects DIVISION OF AUDIT SERVICES Internal Control Deliverables For System Development Projects Table of Contents Introduction... 3 Process Flow... 3 Controls Objectives... 4 Environmental and General IT Controls...

More information

HIPAA/HITECH Compliance Using VMware vcloud Air

HIPAA/HITECH Compliance Using VMware vcloud Air Last Updated: September 23, 2014 White paper Introduction This paper is intended for security, privacy, and compliance officers whose organizations must comply with the Privacy and Security Rules of the

More information