Foundations for Auditing Assurance
نویسندگان
چکیده
Retrospective security is an important element of layered security systems. Auditing is central to the theory and practice of retrospective security, however, in systems where auditing is used, programs are typically instrumented to generate audit logs using manual, adhoc strategies. This is a potential source of error even if log auditing techniques are formal, since the relation of the log itself to program execution is unclear. This paper focuses on provably correct program rewriting algorithms for instrumenting formal logging specifications. Correctness guarantees that execution of an instrumented program produces sound and complete audit logs, properties defined by an information containment relation between logs and the program’s logging semantics. As an application example, we consider auditing for break the glass policies, wherein authorization is replaced by auditing in emergency conditions.
منابع مشابه
Auditing Revenue Assurance Information Systems for Telecom Operators
Auditing revenue assurance information system is a hot topic because of its importance to the telecom operators ant its auditing difficulties. In this paper, first, the scope of the revenue assurance information system of telecom operators is prescribed. Second, it is to advance the IT audit framework of telecom operators based on the COSO and COBIT framework and the method of application audit...
متن کاملA survey on auditing, quality assurance systems and legal frameworks in five selected slaughterhouses in Bulawayo, south-western Zimbabwe.
The purpose of this study was to explore the audits, quality assurance (QA) programmes and legal frameworks used in selected abattoirs in Zimbabwe and slaughterhouse workers' perceptions on their effectiveness. Data on slaughterhouse workers was gathered through a self-completed questionnaire and additional information was obtained from slaughterhouse and government records. External auditing w...
متن کاملStructural methodologies for auditing SNOMED
SNOMED is one of the leading health care terminologies being used worldwide. As such, quality assurance is an important part of its maintenance cycle. Methodologies for auditing SNOMED based on structural aspects of its organization are presented. In particular, automated techniques for partitioning SNOMED into smaller groups of concepts based primarily on relationships patterns are defined. Tw...
متن کاملInvestigating Problems and Obstacles of the Risk-Based Auditing in Iran and Prioritizing them
In this study, we investigate the problems and obstacles of implementing the risk-based auditing in Iran. We set four hypotheses and used questionnaire containing 45 questions to collect the required data. The questionnaires were distributed between Iranian certified public accountants who were partners or directors of audit firms and audit organizations member of Iranian certified public accou...
متن کاملTwenty-First Century Assurance
Every aspect of the accounting profession is being pervasively affected by advances in information technology (IT). IT shifts power from producers (such as accountants and auditors) to consumers (such as investors, creditors, and other information users). Present and potential users of accounting and auditing services have increasing needs for relevant, reliable, and timely information, and IT ...
متن کامل