A comprehensive guide to understanding and auditing modern information systems The increased dependence on information system resources for performing key activities within organizations has made system audits essential for ensuring the confidentiality, integrity, and availability of information system resources. One of the biggest challenges faced by auditors is the lack of a standardized approach and relevant checklist. Understanding and Conducting Information Systems Auditing brings together resources with audit tools and techniques to solve this problem. Featuring examples that are…mehr
A comprehensive guide to understanding and auditing modern information systems
The increased dependence on information system resources for performing key activities within organizations has made system audits essential for ensuring the confidentiality, integrity, and availability of information system resources. One of the biggest challenges faced by auditors is the lack of a standardized approach and relevant checklist. Understanding and Conducting Information Systems Auditing brings together resources with audit tools and techniques to solve this problem.
Featuring examples that are globally applicable and covering all major standards, the book takes a non-technical approach to the subject and presents information systems as a management tool with practical applications. It explains in detail how to conduct information systems audits and provides all the tools and checklists needed to do so. In addition, it also introduces the concept of information security grading, to help readers to implement practical changes and solutions in their organizations. Includes everything needed to perform information systems audits Organized into two sections--the first designed to help readers develop the understanding necessary for conducting information systems audits and the second providing checklists for audits Features examples designed to appeal to a global audience
Taking a non-technical approach that makes it accessible to readers of all backgrounds, Understanding and Conducting Information Systems Auditing is an essential resource for anyone auditing information systems.Hinweis: Dieser Artikel kann nur an eine deutsche Lieferadresse ausgeliefert werden.
VEENA HINGARH is Joint Director of the South Asian Management Technologies Foundation, a center for research, training, and application in the areas of finance and risk management, which provides training in areas including IS auditing, enterprise risk management, and risk modeling. Winner of numerous merit-based awards during her career, Hingarh's major areas of focus are IFRS and IS. She speaks frequently at conferences and platforms throughout Asia and the Middle East. Hingarh is a Chartered Accountant from the Institute of Chartered Accountants of India (ICAI), Certified Company Secretary of the Institute of Company Secretaries of India (ICSI), and Certified Information System Auditor (CISA) from ISACA (USA). ARIF AHMED is a professor at and Director of the South Asian Management Technologies Foundation as well as a Chartered Accountant from the Institute of Chartered Accountants of India (ICAI). He is an Information Security Management System Lead Auditor for the British Standards Institution. Ahmed's areas of focus are finance and risk management, and he has over two decades of postqualification experience in training and strategic consulting. He has been interviewed and quoted throughout the media and has spoken at various seminars and institutions, including the Institute of Chartered Accountants of India, XLRI, and the Institute of Company Secretaries of India.
Inhaltsangabe
Preface xi Acknowledgments xv PART ONE: CONDUCTING AN INFORMATION SYSTEMS AUDIT 1 Chapter 1: Overview of Systems Audit 3 Information Systems Audit 3 Information Systems Auditor 4 Legal Requirements of an Information Systems Audit 4 Systems Environment and Information Systems Audit 7 Information System Assets 8 Classification of Controls 9 The Impact of Computers on Information 12 The Impact of Computers on Auditing 14 Information Systems Audit Coverage 15 Chapter 2: Hardware Security Issues 17 Hardware Security Objective 17 Peripheral Devices and Storage Media 22 Client-Server Architecture 23 Authentication Devices 24 Hardware Acquisition 24 Hardware Maintenance 26 Management of Obsolescence 27 Disposal of Equipment 28 Problem Management 29 Change Management 30 Network and Communication Issues 31 Chapter 3: Software Security Issues 41 Overview of Types of Software 41 Elements of Software Security 47 Control Issues during Installation and Maintenance 53 Licensing Issues 55 Problem and Change Management 56 Chapter 4: Information Systems Audit Requirements 59 Risk Analysis 59 Threats, Vulnerability, Exposure, Likelihood, and Attack 61 Information Systems Control Objectives 61 Information Systems Audit Objectives 62 System Effectiveness and Effi ciency 63 Information Systems Abuse 63 Asset Safeguarding Objective and Process 64 Evidence Collection and Evaluation 65 Logs and Audit Trails as Evidence 67 Chapter 5: Conducting an Information Systems Audit 71 Audit Program 71 Audit Plan 72 Audit Procedures and Approaches 75 System Understanding and Review 77 Compliance Reviews and Tests 77 Substantive Reviews and Tests 80 Audit Tools and Techniques 81 Sampling Techniques 84 Audit Questionnaire 85 Audit Documentation 86 Audit Report 87 Auditing Approaches 89 Sample Audit Work-Planning Memo 91 Sample Audit Work Process Flow 93 Chapter 6: Risk-Based Systems Audit 101 Conducting a Risk-Based Information Systems Audit 101 Risk Assessment 104 Risk Matrix 105 Risk and Audit Sample Determination 107 Audit Risk Assessment 109 Risk Management Strategy 112 Chapter 7: Business Continuity and Disaster Recovery Plan 115 Business Continuity and Disaster Recovery Process 115 Business Impact Analysis 116 Incident Response Plan 118 Disaster Recovery Plan 119 Types of Disaster Recovery Plans 120 Emergency Preparedness Audit Checklist 121 Business Continuity Strategies 122 Business Resumption Plan Audit Checklist 123 Recovery Procedures Testing Checklist 126 Plan Maintenance Checklist 126 Vital Records Retention Checklist 127 Forms and Documents 128 Chapter 8: Auditing in the E-Commerce Environment 147 Introduction 147 Objectives of an Information Systems Audit in the E-Commerce Environment 148 General Overview 149 Auditing E-Commerce Functions 150 E-Commerce Policies and Procedures Review 155 Impact of E-Commerce on Internal Control 155 Chapter 9: Security Testing 159 Cybersecurity 159 Cybercrimes 160 What Is Vulnerable to Attack? 162 How Cyberattacks Occur 162 What Is Vulnerability Analysis? 165 Cyberforensics 168 Digital Evidence 170 Chapter 10: Case Study: Conducting an Information Systems Audit 173 Important Security Issues in Banks 174 Implementing an Information Systems Audit at a Bank Branch 180 Special Considerations in a Core Banking System 185 PART TWO: INFORMATION SYSTEMS AUDITING CHECKLISTS 197 Chapter 11: ISecGrade Auditing Framework 199 Introduction 199 Licensing and Limitations 200 Methodology 200 Domains 200 Grading Structure 202 Selection of Checklist 203 Format of Audit Report 206 Using the Audit Report Format 207 Chapter 12: ISecGrade Checklists 209 Checklist Structure 209 Information Systems Audit Checklists 210 Chapter 13: Session Quiz 281 Chapter 1: Overview of Systems Audit 281 Chapter 2: Hardware Security Issues 284 Chapter 3: Software Security Issues 286 Chapter 4: Information Systems Audit Requirements 288 Chapter 5: Conducting an Information Systems Audit 290 Chapter 6: Risk-Based Systems Audit 293 Chapter 7: Business Continuity and Disaster Recovery Plan 294 Chapter 8: Auditing in an E-Commerce Environment 296 Chapter 9: Security Testing 297 About the Authors 299 About the Website 301 Index 303
Preface xi Acknowledgments xv PART ONE: CONDUCTING AN INFORMATION SYSTEMS AUDIT 1 Chapter 1: Overview of Systems Audit 3 Information Systems Audit 3 Information Systems Auditor 4 Legal Requirements of an Information Systems Audit 4 Systems Environment and Information Systems Audit 7 Information System Assets 8 Classification of Controls 9 The Impact of Computers on Information 12 The Impact of Computers on Auditing 14 Information Systems Audit Coverage 15 Chapter 2: Hardware Security Issues 17 Hardware Security Objective 17 Peripheral Devices and Storage Media 22 Client-Server Architecture 23 Authentication Devices 24 Hardware Acquisition 24 Hardware Maintenance 26 Management of Obsolescence 27 Disposal of Equipment 28 Problem Management 29 Change Management 30 Network and Communication Issues 31 Chapter 3: Software Security Issues 41 Overview of Types of Software 41 Elements of Software Security 47 Control Issues during Installation and Maintenance 53 Licensing Issues 55 Problem and Change Management 56 Chapter 4: Information Systems Audit Requirements 59 Risk Analysis 59 Threats, Vulnerability, Exposure, Likelihood, and Attack 61 Information Systems Control Objectives 61 Information Systems Audit Objectives 62 System Effectiveness and Effi ciency 63 Information Systems Abuse 63 Asset Safeguarding Objective and Process 64 Evidence Collection and Evaluation 65 Logs and Audit Trails as Evidence 67 Chapter 5: Conducting an Information Systems Audit 71 Audit Program 71 Audit Plan 72 Audit Procedures and Approaches 75 System Understanding and Review 77 Compliance Reviews and Tests 77 Substantive Reviews and Tests 80 Audit Tools and Techniques 81 Sampling Techniques 84 Audit Questionnaire 85 Audit Documentation 86 Audit Report 87 Auditing Approaches 89 Sample Audit Work-Planning Memo 91 Sample Audit Work Process Flow 93 Chapter 6: Risk-Based Systems Audit 101 Conducting a Risk-Based Information Systems Audit 101 Risk Assessment 104 Risk Matrix 105 Risk and Audit Sample Determination 107 Audit Risk Assessment 109 Risk Management Strategy 112 Chapter 7: Business Continuity and Disaster Recovery Plan 115 Business Continuity and Disaster Recovery Process 115 Business Impact Analysis 116 Incident Response Plan 118 Disaster Recovery Plan 119 Types of Disaster Recovery Plans 120 Emergency Preparedness Audit Checklist 121 Business Continuity Strategies 122 Business Resumption Plan Audit Checklist 123 Recovery Procedures Testing Checklist 126 Plan Maintenance Checklist 126 Vital Records Retention Checklist 127 Forms and Documents 128 Chapter 8: Auditing in the E-Commerce Environment 147 Introduction 147 Objectives of an Information Systems Audit in the E-Commerce Environment 148 General Overview 149 Auditing E-Commerce Functions 150 E-Commerce Policies and Procedures Review 155 Impact of E-Commerce on Internal Control 155 Chapter 9: Security Testing 159 Cybersecurity 159 Cybercrimes 160 What Is Vulnerable to Attack? 162 How Cyberattacks Occur 162 What Is Vulnerability Analysis? 165 Cyberforensics 168 Digital Evidence 170 Chapter 10: Case Study: Conducting an Information Systems Audit 173 Important Security Issues in Banks 174 Implementing an Information Systems Audit at a Bank Branch 180 Special Considerations in a Core Banking System 185 PART TWO: INFORMATION SYSTEMS AUDITING CHECKLISTS 197 Chapter 11: ISecGrade Auditing Framework 199 Introduction 199 Licensing and Limitations 200 Methodology 200 Domains 200 Grading Structure 202 Selection of Checklist 203 Format of Audit Report 206 Using the Audit Report Format 207 Chapter 12: ISecGrade Checklists 209 Checklist Structure 209 Information Systems Audit Checklists 210 Chapter 13: Session Quiz 281 Chapter 1: Overview of Systems Audit 281 Chapter 2: Hardware Security Issues 284 Chapter 3: Software Security Issues 286 Chapter 4: Information Systems Audit Requirements 288 Chapter 5: Conducting an Information Systems Audit 290 Chapter 6: Risk-Based Systems Audit 293 Chapter 7: Business Continuity and Disaster Recovery Plan 294 Chapter 8: Auditing in an E-Commerce Environment 296 Chapter 9: Security Testing 297 About the Authors 299 About the Website 301 Index 303
Es gelten unsere Allgemeinen Geschäftsbedingungen: www.buecher.de/agb
Impressum
www.buecher.de ist ein Internetauftritt der buecher.de internetstores GmbH
Geschäftsführung: Monica Sawhney | Roland Kölbl | Günter Hilger
Sitz der Gesellschaft: Batheyer Straße 115 - 117, 58099 Hagen
Postanschrift: Bürgermeister-Wegele-Str. 12, 86167 Augsburg
Amtsgericht Hagen HRB 13257
Steuernummer: 321/5800/1497
