AUD105-2nd Edition. Auditor's Guide to IT - 20 hours. Objectives
More and more, auditors are being called upon to assess the risks and evaluate the controls over computer information systems in all types of organizations. However, many auditors are unfamiliar with the techniques they need to know to efficiently and effectively determine whether information systems are adequately protected. Auditor's Guide to IT Auditing presents an easy, practical guide for auditors that can be applied to all computing environments. As networks and enterprise resource planning systems bring resources together, and as increasing privacy violations threaten more organizations, information systems integrity becomes more important than ever. With a complimentary student's version of the IDEA Data Analysis Software CD, Auditor's Guide to IT Auditing empowers auditors to effectively gauge the adequacy and effectiveness of information systems controls.

Course Outline

CHAPTER 1 Technology and Audit
After completing Chapter 1, you should comprehend the following:
1. Technology and Audit
2. Batch and On-Line Systems
3. Electronic Data Interchange
4. Electronic Business
5. Cloud Computing

CHAPTER 2 IS Audit Function Knowledge
After completing Chapter 2, you should comprehend the following:
1. Information Systems Auditing
2. What Is Management?
3. Management Process
4. Understanding the Organization's Business
5. Establishing the Needs
6. Identifying Key Activities
7. Establish Performance Objectives
8. Decide the Control Strategies
9. Implement and Monitor the Controls
10. Executive Management's Responsibility and Corporate Governance
11. Audit Role
12. Conceptual Foundation
13. Professionalism within the IS Auditing Function
14. Relationship of Internal IS Audit to the External Auditor
15. Relationship of IS Audit to Other Company Audit Activities
16. Audit Charter
17. Charter Content
18. Outsourcing the IS Audit Activity
19. Regulation, Control, and Standards

CHAPTER 3 IS Risk and Fundamental Auditing Concepts
After completing Chapter 3, you should comprehend the following:
1. Computer Risks and Exposures
2. Effect of Risk
3. Audit and Risk
4. Audit Evidence
5. Conducting an IT Risk Assessment Process
6. NIST SP Framework
7. ISO
8. The "Cascarino Cube"
9. Reliability of Audit Evidence
10. Audit Evidence Procedures
11. Responsibilities for Fraud Detection and Prevention

CHAPTER 4 Standards and Guidelines for IS Auditing
After completing Chapter 4, you should comprehend the following:
1. IIA Standards
2. Code of Ethics
3. Advisory
4. Aids
5. Standards for the Professional Performance of Internal Auditing
6. ISACA Standards
7. ISACA Code of Ethics
8. COSO: Internal Control Standards
9. BS 7799 and ISO 17799: IT Security
10. NIST
11. BSI Baselines

CHAPTER 5 Internal Controls Concepts Knowledge
After completing Chapter 5, you should comprehend the following:
1. Internal Controls
2. Cost/Benefit Considerations
3. Internal Control Objectives
4. Types Of Internal Controls
5. Systems of Internal Control
6. Elements of Internal Control
7. Manual and Automated Systems
8. Control Procedures
9. Application Controls
10. Control Objectives and Risks
11. General Control Objectives
12. Data and Transactions Objectives
13. Program Control Objectives
14. Corporate IT Governance
15. COSO and Information Technology
16. Governance Frameworks

CHAPTER 6 Risk Management of the IS Function
After completing Chapter 6, you should comprehend the following:
1. Nature of Risk
2. Risk Analysis Software
3. Auditing in General
4. Elements of Risk Analysis
5. Defining the Audit Universe
6. Computer System Threats
7. Risk Management

CHAPTER 7 Audit Planning Process
After completing Chapter 7, you should comprehend the following:
1. Benefits of an Audit Plan
2. Structure of the Plan
3. Types of Audit

CHAPTER 8 Audit Management
After completing Chapter 8, you should comprehend the following:
1. Planning
2. Audit Mission
3. IS Audit Mission
4. Organization of the Function
5. Staffing
6. IT Audit as a Support Function
7. Planning
8. Business Information Systems
9. Integrated IT Auditor vs Integrated IT Audit
10. Auditees as Part of the Audit Team
11. Application Audit Tools
12. Advanced Systems
13. Specialist Auditor
14. IS Audit Quality Assurance

CHAPTER 9 Audit Evidence Process
After completing Chapter 9, you should comprehend the following:
1. Audit Evidence
2. Audit Evidence Procedures
3. Criteria for Success
4. Statistical Sampling
5. Why Sample?
6. Judgmental (or Non-Statistical) Sampling
7. Statistical Approach
8. Sampling Risk
9. Assessing Sampling Risk
10. Planning a Sampling Application
11. Calculating Sample Size
12. Quantitative Methods
13. Project Scheduling Techniques
14. Simulations
15. Computer Assisted Audit Solutions
16. Generalized Audit Software
17. Application and Industry-Related Audit Software
18. Customized Audit Software
19. Information Retrieval Software
20. Utilities
21. On-Line Inquiry
22. Conventional Programming Languages
23. Microcomputer-Based Software
24. Test Transaction Techniques

CHAPTER 10 Audit Reporting Follow-up
After completing Chapter 10, you should comprehend the following:
1. Audit Reporting
2. Interim Reporting
3. Closing Conferences
4. Written Reports
5. Clear Writing Techniques
6. Preparing To Write
7. Basic Audit Report
8. Executive Summary
9. Detailed Findings
10. Polishing the Report
11. Distributing the Report
12. Follow-Up Reporting
13. Types of Follow-Up Action

CHAPTER 11 Management
After completing Chapter 11, you should comprehend the following:
1. IT Infrastructures
2. Project-Based Functions
3. Quality Control
4. Operations and Production
5. Technical Services
6. Performance Measurement and Reporting
7. Measurement Implementation

CHAPTER 12 - Strategic Planning
After completing Chapter 12, you should comprehend the following:
1. Strategic Management Process
2. Strategic Drivers
3. New Audit Revolution
4. Leveraging IT
5. Business Process Re-Engineering Motivation
6. IT as an Enabler of Re-Engineering
7. Dangers of Change
8. System Models
9. Information Resource Management
10. Strategic Planning for IT
11. Decision Support Systems
12. Steering Committees
13. Strategic Focus
14. Auditing Strategic Planning
15. Design the Audit Procedures

CHAPTER 13 - Management Issues
After completing Chapter 13, you should comprehend the following:
1. Privacy
2. Copyrights, Trademarks, and Patents
3. Ethical Issues
4. Corporate Codes of Conduct
5. IT Governance
6. Sarbanes-Oxley Act
7. Payment Card Industry Data Security Standards
8. Housekeeping

CHAPTER 14 - Support Tools and Frameworks
After completing Chapter 14, you should comprehend the following:
1. General Frameworks
2. COSO: Internal Control Standards
3. Other Standards
4. Governance Frameworks

CHAPTER 15 - Governance Techniques
After completing Chapter 15, you should comprehend the following:
1. Change Control
2. Problem Management
3. Auditing Change Control
4. Operational Reviews
5. Performance Measurement
6. ISO 9000 Reviews

CHAPTER 16 - Information Systems Planning
After completing Chapter 16, you should comprehend the following:
1. Stakeholders
2. Operations
3. Systems Development
4. Technical Support
5. Other System Users
6. Segregation of Duties
7. Personnel Practices
8. Object-Oriented Systems Analysis
9. Enterprise Resource Planning
10. Cloud Computing

CHAPTER 17 - Information Management and Usage
After completing Chapter 17, you should comprehend the following:
1. What Are Advanced Systems?
2. Service Delivery and Management
3. Computer Assisted Audit Tools and Techniques

CHAPTER 18 - Development, Acquisition, and Maintenance of Information Systems
After completing Chapter 18, you should comprehend the following:
1. Programming Computers
2. Program Conversions
3. No Thanks Systems Development Exposures
4. Systems Development Controls
5. Systems Development Life Cycle Control: Control Objectives
6. Micro-Based Systems
7. Cloud Computing Applications

CHAPTER 19 - Impact of Information Technology on the Business Processes and Solutions
After completing Chapter 19, you should comprehend the following:
1. Impact
2. Continuous Monitoring
3. Business Process Outsourcing
4. E-Business

CHAPTER 20 - Software Development
After completing Chapter 20, you should comprehend the following:
1. Developing a System
2. Change Control
3. Why Do Systems Fail?
4. Auditor's Role in Software Development

CHAPTER 21 - Audit and Control of Purchased Packages
After completing Chapter 21, you should comprehend the following:
1. IT Vendors
2. Request For Information
3. Requirements Definition
4. Request For Proposal
5. Installation
6. Systems Maintenance
7. Systems Maintenance Review
8. Outsourcing
9. SAS 70 Reports

CHAPTER 22 - Audit Role in Feasibility Studies and Conversions
After completing Chapter 22, you should comprehend the following:
1. Feasibility Success Factors
2. Conversion Success Factors

CHAPTER 23 - Audit and Development of Application Controls
After completing Chapter 23, you should comprehend the following:
1. What Are Systems?
2. Classifying Systems
3. Controlling Systems
4. Control Stages
5. Control Objectives of Business Systems
6. General Control Objectives
7. CAATS and their Role in Business Systems Auditing
8. Common Problems
9. Audit Procedures
10. CAAT Use in Non-Computerized Areas
11. Designing an Appropriate Audit Program

CHAPTER 24 - Technical Infrastructure
After completing Chapter 24, you should comprehend the following:
1. Auditing the Technical Infrastructure
2. Infrastructure Changes
3. Computer Operations Controls
4. Operations Exposures
5. Operations Controls
6. Personnel Controls
7. Supervisory Controls
8. Information Security
9. Operations Audits

CHAPTER 25 - Service Center Management
After completing Chapter 25, you should comprehend the following:
1. Private Sector Preparedness (PS Prep)
2. Continuity Management and Disaster Recovery
3. Managing Service Center Change

CHAPTER 26 - Information Assets Security Management
After completing Chapter 26, you should comprehend the following:
1. What Is Information Systems Security?
2. Control Techniques
3. Workstation Security
4. Physical Security
5. Logical Security
6. User Authentication
7. Communications Security
8. Encryption
9. How Encryption Works
10. Encryption Weaknesses
11. Potential Encryption
12. Data Integrity
13. Double Public Key Encryption
14. Steganography
15. Information Security Policy

CHAPTER 27 - Logical Information Technology Security
After completing Chapter 27, you should comprehend the following:
1. Computer Operating Systems
2. Tailoring the Operating System
3. Auditing the Operating System
4. Security
5. Criteria
6. Security Systems: Resource Access Control Facility
7. Auditing RACF
8. Access Control Facility 2
9. Top Secret
10. User Authentication
11. Bypass Mechanisms
12. Security Testing Methodologies

CHAPTER 28 - Applied Information Technology Security
After completing Chapter 28, you should comprehend the following:
1. Communications and Network Security
2. Network Protection
3. Hardening the Operating Environment
4. Client Server and Other Environments
5. Firewalls and Other Protection Resources
6. Intrusion Detection Systems

CHAPTER 29 - Physical and Environmental Security
After completing Chapter 29, you should comprehend the following:
1. Control Mechanisms
2. Implementing the Controls

CHAPTER 30 - Protection of the Information Technology Architecture and Assets: Disaster Recovery Planning
After completing Chapter 30, you should comprehend the following:
1. Risk Reassessment
2. Disaster Before and After
3. Consequences of Disruption
4. Where to Start
5. Testing the Plan
6. Auditing the Plan

CHAPTER 31 Insurance
After completing Chapter 31, you should comprehend the following:
1. Insurance
2. Self-Insurance

CHAPTER 32 - Auditing E-commerce Systems
After completing Chapter 32, you should comprehend the following:
1. E-Commerce and Electronic Data Interchange: What Is It?
2. Opportunities and Threats
3. Risk Factors
4. Threat List
5. Security Technology
6. "Layer" Concept
7. Authentication
8. Encryption
9. Trading Partner Agreements
10. Risks and Controls within EDI and E-Commerce
11. E-Commerce and Auditability
12. Compliance Auditing
13. E-Commerce Audit Approach
14. Audit Tools and Techniques
15. Auditing Security Control Structures
16. Computer Assisted Audit Techniques

CHAPTER 33 - Auditing UNIX/Linux
After completing Chapter 33, you should comprehend the following:
1. History
2. Security and Control in a UNIX/Linux System
3. Architecture
4. UNIX Security
5. Services
6. Daemons
7. Auditing UNIX
8. Scrutiny of Logs
9. Audit Tools in the Public Domain
10. UNIX Password File
11. Auditing UNIX Passwords

CHAPTER 34 - Auditing Windows
After completing Chapter 34, you should comprehend the following:
1. History
2. NT and Its Derivatives
3. Auditing Windows Vista/Windows 7
4. Password Protection
5. VISTA/Windows 7
6. Security Checklist

CHAPTER 35 - Foiling the System Hackers
After completing Chapter 35, you should comprehend the following:
1. Foiling the System Hackers

CHAPTER 36 - Investigating Information Technology Fraud
After completing Chapter 36, you should comprehend the following:
1. Preventing Fraud
2. Investigation
3. Identity Theft
More informationIBM Connections Cloud Security
IBM Connections White Paper September 2014 IBM Connections Cloud Security 2 IBM Connections Cloud Security Contents 3 Introduction 4 Security-rich Infrastructure 6 Policy Enforcement Points Provide Application
More informationMission Assurance and Security Services
Mission Assurance and Security Services Dan Galik, Chief Federation of Tax Administrators Computer Security Officer Conference March 2007 Security, privacy and emergency preparedness issues are front page
More informationCloud Services Overview
Cloud Services Overview John Hankins Global Offering Executive Ricoh Production Print Solutions May 23, 2012 Cloud Services Agenda Definitions Types of Clouds The Role of Virtualization Cloud Architecture
More informationFINRA Publishes its 2015 Report on Cybersecurity Practices
Securities Litigation & Enforcement Client Service Group and Data Privacy & Security Team To: Our Clients and Friends February 12, 2015 FINRA Publishes its 2015 Report on Cybersecurity Practices On February
More informationApproach to Information Security Architecture. Kaapro Kanto Chief Architect, Security and Privacy TeliaSonera
Approach to Information Security Architecture Kaapro Kanto Chief Architect, Security and Privacy TeliaSonera About TeliaSonera TeliaSonera provides network access and telecommunication services that help
More information^H 3RD EDITION ITGOVERNANCE A MANAGER'S GUIOE TO OATA SECURITY ANO DS 7799/IS017799 ALAN CALDER STEVE WATKINS. KOGAN PAGE London and Sterling, VA
^H 3RD EDITION ITGOVERNANCE A MANAGER'S GUIOE TO OATA SECURITY ANO DS 7799/IS017799 ALAN CALDER STEVE WATKINS KOGAN PAGE London and Sterling, VA Contents Foreword by Nigel Turnbull How to use this book
More informationAIRDEFENSE SOLUTIONS PROTECT YOUR WIRELESS NETWORK AND YOUR CRITICAL DATA SECURITY AND COMPLIANCE
AIRDEFENSE SOLUTIONS PROTECT YOUR WIRELESS NETWORK AND YOUR CRITICAL DATA SECURITY AND COMPLIANCE THE CHALLENGE: SECURE THE OPEN AIR Wirelesss communication lets you take your business wherever your customers,
More informationCISM ITEM DEVELOPMENT GUIDE
CISM ITEM DEVELOPMENT GUIDE TABLE OF CONTENTS CISM ITEM DEVELOPMENT GUIDE Content Page Purpose of the CISM Item Development Guide 2 CISM Exam Structure 2 Item Writing Campaigns 2 Why Participate as a CISM
More informationInformation Technology Internal Audit Report
Information Technology Internal Audit Report Report #2014-05 July 25, 2014 Table of Contents Page Executive Summary... 3 Background Information... 4 Background... 4 Audit Objectives... 4 Scope and Testing
More informationIn Brief. Smithsonian Institution Office of the Inspector General. Smithsonian Institution Network Report Number A-06-07, August 10, 2007
Smithsonian Institution Office of the Inspector General In Brief Smithsonian Institution Network Report Number A-06-07, August 10, 2007 Why We Did This Evaluation Under the Federal Information Security
More informationSecurity Manual Template Policy and Procedure Manual Compliance Management Made Easy ISO 27000 / HIPAA / SOX / CobiT / FIPS 199 Compliant
Brochure More information from http://www.researchandmarkets.com/reports/3302152/ Security Manual Template Policy and Procedure Manual Compliance Management Made Easy ISO 27000 / HIPAA / SOX / CobiT /
More informationInformation Security @ Blue Valley Schools FEBRUARY 2015
Information Security @ Blue Valley Schools FEBRUARY 2015 Student Data Privacy & Security Blue Valley is committed to providing an education beyond expectations to each of our students. To support that
More informationCommonwealth Department of Family and Community Services. Submission to the Joint Committee of Public Accounts and Audit (JCPAA)
Commonwealth Department of Family and Community Services Submission to the Joint Committee of Public Accounts and Audit (JCPAA) Inquiry into the Management and Integrity of Electronic Information in the
More informationCloud Security. DLT Solutions LLC June 2011. #DLTCloud
Cloud Security DLT Solutions LLC June 2011 Contact Information DLT Cloud Advisory Group 1-855-CLOUD01 (256-8301) cloud@dlt.com www.dlt.com/cloud Your Hosts Van Ristau Chief Technology Officer, DLT Solutions
More informationThis is a preview - click here to buy the full publication
TECHNICAL REPORT IEC/TR 62443-3-1 Edition 1.0 2009-07 colour inside Industrial communication networks Network and system security Part 3 1: Security technologies for industrial automation and control systems
More informationLogging In: Auditing Cybersecurity in an Unsecure World
About This Course Logging In: Auditing Cybersecurity in an Unsecure World Course Description $5.4 million that s the average cost of a data breach to a U.S.-based company. It s no surprise, then, that
More informationIT AUDIT WHO WE ARE. Current Trends and Top Risks of 2015 10/9/2015. Eric Vyverberg. Randy Armknecht. David Kupinski
IT AUDIT Current Trends and Top Risks of 2015 2 02 Eric Vyverberg WHO WE ARE David Kupinski Randy Armknecht Associate Director Internal Audit Protiviti 317.510.4661 eric.vyverberg@protiviti.com Managing
More informationCloud Computing. What is Cloud Computing?
Cloud Computing What is Cloud Computing? Cloud computing is where the organization outsources data processing to computers owned by the vendor. Primarily the vendor hosts the equipment while the audited
More informationEvaluate the Usability of Security Audits in Electronic Commerce
Evaluate the Usability of Security Audits in Electronic Commerce K.A.D.C.P Kahandawaarachchi, M.C Adipola, D.Y.S Mahagederawatte and P Hewamallikage 3 rd Year Information Systems Undergraduates Sri Lanka
More informationThe Importance of IT Controls to Sarbanes-Oxley Compliance
Hosted by Deloitte, PricewaterhouseCoopers and ISACA/ITGI The Importance of IT Controls to Sarbanes-Oxley Compliance 15 December 2003 1 Presenters Chris Fox, CA Sr. Manager, Internal Audit Services PricewaterhouseCoopers
More informationHP Security Assessment Services
HP Security Assessment Services HP Data Center Services Technical data Your corporate information and intellectual property are important assets that you want to protect from unauthorized users. Developing
More informationFORM 20A.9 SAMPLE AUDIT PROGRAM FOR TESTING IT CONTROLS. Date(s) Completed. Workpaper Reference
FORM 20A.9 SAMPLE AUDIT PROGRAM FOR TESTING IT CONTROLS Workpaper Reference Date(s) Completed Organization and Staffing procedures used to define the organization of the IT Department. 2. Review the organization
More informationCompliance. Review. Our Compliance Review is based on an in-depth analysis and evaluation of your organization's:
Security.01 Penetration Testing.02 Compliance Review.03 Application Security Audit.04 Social Engineering.05 Security Outsourcing.06 Security Consulting.07 Security Policy and Program.08 Training Services
More informationTrends in Information Technology (IT) Auditing
Trends in Information Technology (IT) Auditing Padma Kumar Audit Officer May 21, 2015 Discussion Topics Common and Emerging IT Risks Trends in IT Auditing IT Audit Frameworks & Standards IT Audit Plan
More informationPROCEDURE FOR SECURITY RISK MANAGEMENT IN PPC S.A. INFORMATION TECHNOLOGY SYSTEMS DA-1
PUBLIC POWER CORPORATION S.A. INFORMATION TECHNOLOGY DIVISION CENTRAL SYSTEMS SUPPORT SECTION IT SYSTEMS SECURITY SUBSECTION PROCEDURE FOR SECURITY RISK MANAGEMENT IN PPC S.A. INFORMATION TECHNOLOGY SYSTEMS
More informationProtecting Official Records as Evidence in the Cloud Environment. Anne Thurston
Protecting Official Records as Evidence in the Cloud Environment Anne Thurston Introduction In a cloud computing environment, government records are held in virtual storage. A service provider looks after
More informationStepping Through the Info Security Program. Jennifer Bayuk, CISA, CISM
Stepping Through the Info Security Program Jennifer Bayuk, CISA, CISM Infosec Program How to: compose an InfoSec Program cement a relationship between InfoSec program and IT Governance design roles and
More informationHealthcare Compliance Solutions
Privacy Compliance Healthcare Compliance Solutions Trust and privacy are essential for building meaningful human relationships. Let Protected Trust be your Safe Harbor The U.S. Department of Health and
More information