IBM, 225
identity spoofing, 248
IIA (Institute of Internal Auditors), 79
IIS, 159
IISLockdown, 210
IMAPI CD-Burning COM Service, 145
IMS (Information Management System), 225
incentives for employees, 70
"independence" of internal audit department, 5-7
Indexing Service Wireless, 145
indices, 228
industrial areas, data center proximity to, 90
informal audits, 11-14
information criticality values
assigning to information assets, 359
defining, 357
information disclosure, 249
Information Management System (IMS), 225
Information Systems Audit and Control Association (ISACA), 29, 79
information technology (IT) audit function, internal. See internal information technology (IT) audit function
infrastructure control, 261
injection attacks, 218
input controls, 252-254
Institute of Internal Auditors (IIA), 79
interface controls, 254-255
internal control-integrated framework, 309-311
component relationships, 311
control activities, 310
control environment, 310
information and communication, 310-311
monitoring, 311
overview, 309-310
risk assessment, 310
internal controls, 33-36
See also internal control-integrated framework
defined, 5
examples of, 35-36
access controls, 35
backups and disaster-recovery plans, 36
overview, 35
software change controls, 35
legislation related to, 327-328
history of corporate financial regulation, 328
overview, 327
regulatory impact on IT audit, 327-328
overview, 33-34
types of, 34-35
detective controls, 35
overview, 34
preventive controls, 34-35
reactive controls (corrective controls), 35
internal information technology (IT) audit function, 3-31
early involvement, 9-11
forming and maintaining effective IT audit team, 23-28
career IT auditors, 23-28
cosourcing, 28
IT professionals, 25-26
overview, 23
informal audits, 11-14
knowledge sharing, 14-16
common issues, best practices, and innovative solutions, 15-16
control guidelines, 14-15
overview, 14
tools, 16
maintaining expertise, 28-30
overview, 28
sources of learning, 29-30
mission of internal audit department, 3-5
overview, 3
relationship building, 17-20
building partnerships, 19-20
overview, 17-18
relationship with external auditors, 30-31
role of IT audit team, 20-23
information systems auditors, 22
IT auditors, 22-23
overview, 20-21
support for financial auditors, 22
self-assessments, 17
whether internal audit department is independent, 5-7
International Organization for Standardization (ISO) 27001/ISO 17799/BS 7799, 322-323
international privacy laws, 341-342
Canadian Personal Information Protection and Electronic Document Act (PIPEDA), 341-342
European Directive on the Protection of Personal Data, 341
overview, 341
Intersite Messaging, 145
intranet, 14
intrusion detection and prevention, 154, 200
inventory of all equipment, 76
ISACA (Information Systems Audit and Control Association), 29, 79
ISAPI filters, 213
ISO (International Organization for Standardization) 27001/ISO 17799/BS 7799, 322-323
issue discovery and validation, 45-46
issue tracking, 55-57
issues list, in audit report, 51-54
IT (information technology) audit function, internal. See internal information technology (IT) audit function
IT audit manager, 6
IT organization structure, 62-63
IT professionals, 22-26
vs. career IT auditors, 27-28
overview, 25-26
sources for, 26
IT risk scenario, 353-354
IT strategic planning process, 64-65
ITIL (IT Infrastructure Library), 319-322