I


IBM, 225

identity spoofing, 248

IIA (Institute of Internal Auditors), 79

IIS, 159

IISLockdown, 210

IMAPI CD-Burning COM Service, 145

IMS (Information Management System), 225

incentives for employees, 70

"independence" of internal audit department, 5-7

Indexing Service Wireless, 145

indices, 228

industrial areas, data center proximity to, 90

informal audits, 11-14

information criticality values
  assigning to information assets, 359
  defining, 357

information disclosure, 249

Information Management System (IMS), 225

Information Systems Audit and Control Association (ISACA), 29, 79

information technology (IT) audit function, internal. See internal information technology (IT) audit function

infrastructure control, 261

injection attacks, 218

input controls, 252-254

Institute of Internal Auditors (IIA), 79

interface controls, 254-255

internal control-integrated framework, 309-311
  component relationships, 311
  control activities, 310
  control environment, 310
  information and communication, 310-311
  monitoring, 311
  overview, 309-310
  risk assessment, 310

internal controls, 33-36
  See also internal control-integrated framework
  defined, 5
  examples of, 35-36
    access controls, 35
    backups and disaster-recovery plans, 36
    overview, 35
    software change controls, 35
  legislation related to, 327-328
    history of corporate financial regulation, 328
    overview, 327
    regulatory impact on IT audit, 327-328
  overview, 33-34
  types of, 34-35
    detective controls, 35
    overview, 34
    preventive controls, 34-35
    reactive controls (corrective controls), 35

internal information technology (IT) audit function, 3-31
  early involvement, 9-11
  forming and maintaining effective IT audit team, 23-28
    career IT auditors, 23-28
    cosourcing, 28
    IT professionals, 25-26
    overview, 23
  informal audits, 11-14
  knowledge sharing, 14-16
    common issues, best practices, and innovative solutions, 15-16
    control guidelines, 14-15
    overview, 14
    tools, 16
  maintaining expertise, 28-30
    overview, 28
    sources of learning, 29-30
  mission of internal audit department, 3-5
  overview, 3
  relationship building, 17-20
    building partnerships, 19-20
    overview, 17-18
  relationship with external auditors, 30-31
  role of IT audit team, 20-23
    information systems auditors, 22
    IT auditors, 22-23
    overview, 20-21
    support for financial auditors, 22
  self-assessments, 17
  whether internal audit department is independent, 5-7

International Organization for Standardization (ISO) 27001/ISO 17799/BS 7799, 322-323

international privacy laws, 341-342
  Canadian Personal Information Protection and Electronic Document Act (PIPEDA), 341-342
  European Directive on the Protection of Personal Data, 341
  overview, 341

Intersite Messaging, 145

intranet, 14

intrusion detection and prevention, 154, 200

inventory of all equipment, 76

ISACA (Information Systems Audit and Control Association), 29, 79

ISAPI filters, 213

ISO (International Organization for Standardization) 27001/ISO 17799/BS 7799, 322-323

issue discovery and validation, 45-46

issue tracking, 55-57

issues list, in audit report, 51-54

IT (information technology) audit function, internal. See internal information technology (IT) audit function

IT audit manager, 6

IT organization structure, 62-63

IT professionals, 22-26
  vs. career IT auditors, 27-28
  overview, 25-26
  sources for, 26

IT risk scenario, 353-354

IT strategic planning process, 64-65

ITIL (IT Infrastructure Library), 319-322



IT Auditing. Using Controls to Protect Information Assets
ISBN: B001TI1HNG
Year: 2004
Pages: 159
