Standards and Frameworks for Information System Security Auditing and Assurance

Author

  • Mario Spremic
Abstract

Most organizations in all sectors of industry, commerce and government are fundamentally dependent on their information systems (IS) and would quickly cease to function should the technology (preferably information technology – IT) that underpins their activities ever come to a halt [15]. IT developments may have enormous implications for the operation, structure and strategy of organizations. IS and IT may contribute towards efficiency, productivity and competitiveness improvements of both inter-organizational and intra-organizational systems [1]. Successful organizations manage the IT function in much the same way that they manage their other strategic functions and processes. In particular, this means that they understand and manage the risks associated with growing IT opportunities, as well as the critical dependence of many business processes on IT and vice versa. IT risk management issues are no longer marginal or ‘technical’ problems and are increasingly becoming a ‘business problem’. Therefore, in this paper a Corporate IT Risk Management model is proposed, and contemporary frameworks of IT Governance and IS Audit (CobiT, ISO 27000 ‘family’, ITIL) are shown and explained.

Key-Words: IT Governance, IS Audit, Corporate IT Risk Management Model, CobiT


Similar resources

Audit Analysis Models, Security Frameworks and Their Relevance for VoIP

Voice over IP (VoIP) is the transmission of voice and multimedia content over Internet Protocol (IP) networks. This paper reviews models, frameworks and auditing standards proposed to date to manage VoIP security through a literature review, with descriptions of both the historical and philosophical evolution reflecting an adequate knowledge of related research. Three research questions ar...


Governing Information System Security: Review of Approaches to Information System Security Assurance and Auditing

Over the past decade, information system security issues have been treated mainly from a technology perspective. That model of information security management was reactive, mainly technologically driven and rarely aligned to business needs. This paper goes a step further and considers it from the governance view, mainly aligning it with the risk management activities and stressing the necessity for...


A survey on auditing, quality assurance systems and legal frameworks in five selected slaughterhouses in Bulawayo, south-western Zimbabwe.

The purpose of this study was to explore the audits, quality assurance (QA) programmes and legal frameworks used in selected abattoirs in Zimbabwe and slaughterhouse workers' perceptions on their effectiveness. Data on slaughterhouse workers was gathered through a self-completed questionnaire and additional information was obtained from slaughterhouse and government records. External auditing w...


BSM Security Auditing for Solaris Servers

Although Solaris servers might be inside the firewall and relatively secure, there are still chances for a hacker to break in, or chances for an ordinary user to attempt malicious activities. Therefore, security efforts have to be made to detect intruders and to prevent unauthorized actions. One of the security utilities for Solaris servers is called BSM (Basic Security Module), which is an aud...


Feasibility of Automated Information Security Compliance Auditing

According to AS/NZS ISO/IEC 27001:2006 [11], management of an organization should provide evidence of its commitment to the establishment, implementation, operation, monitoring, review, maintenance and improvement of the organization’s information security management system. The objective of this research project was to explore the feasibility of designing an intelligent documentation system to...



Publication date: 2010