Introduction


Overview

When we began writing this book, we had a fundamental tenet: write a clear handbook for creating an organization's IT audit function and for performing its IT audits. We wanted this book to provide more than checklists and textbook theories, and instead to offer real-life practical guidance from people who have performed IT audit work day in and day out in real corporations. If we have been successful, reading this book will accomplish three objectives for the reader, above and beyond what can be obtained from most IT auditing books and classes:

Guide the reader in how to perform the IT audit function in such a way that the auditors maximize the value they provide to the company.

Part I of this book is dedicated to providing practical guidance on how to perform the IT audit function in such a way that it will be considered an essential and respected element of the company's IT environment. This guidance is pulled from years of experience and best practices, and even the most experienced of IT auditors will find a plethora of useful tools and techniques in those chapters.

Enable the reader to perform thorough audits of common IT topics, processes, and technologies.

Part II of this book is dedicated to guiding the reader with practical, detailed advice on not only what to do but also why and how to do it. Too many IT audit resources provide bullet-oriented checklists without empowering the auditor with enough information to understand why they're performing that item or how exactly to accomplish the step. Our goal was to fill that gap for the reader.

Give the reader exposure to IT audit standards and frameworks as well as the regulations that are currently driving the IT audit profession.

Part III focuses on standards and frameworks such as COBIT, ITIL, and ISO 17799, as well as regulations and industry mandates such as Sarbanes-Oxley, HIPAA, and PCI DSS. Another goal of this section is to demystify risk assessment and risk management, which most of these regulations require.

There is a wealth of knowledge and resources for hardening systems and performing detailed penetration tests in other texts. That is not the focus of this book. In our experience as auditors, we found that we were called on more often to judge the quality of internal controls from an insider's standpoint. Therefore, the majority of audit steps in this book are written with the assumption that the auditor has full access to all configuration files, documentation, and information. This is not a hacker's guidebook but instead a guidebook on how an auditor can assess and judge the internal controls and security of the IT systems and processes at his or her company.



IT Auditing. Using Controls to Protect Information Assets
ISBN: B001TI1HNG
EAN: N/A
Year: 2004
Pages: 159
