Understanding and Conducting Information Systems Auditing + Website

Book Description

A comprehensive guide to understanding and auditing modern information systems

The increased dependence on information system resources for performing key activities within organizations has made system audits essential for ensuring the confidentiality, integrity, and availability of information system resources. One of the biggest challenges faced by auditors is the lack of a standardized approach and relevant checklist. Understanding and Conducting Information Systems Auditing brings together resources with audit tools and techniques to solve this problem.

Featuring examples that are globally applicable and covering all major standards, the book takes a non-technical approach to the subject and presents information systems as a management tool with practical applications. It explains in detail how to conduct information systems audits and provides all the tools and checklists needed to do so. It also introduces the concept of information security grading, to help readers implement practical changes and solutions in their organizations.

  • Includes everything needed to perform information systems audits

  • Organized into two sections—the first designed to help readers develop the understanding necessary for conducting information systems audits and the second providing checklists for audits

  • Features examples designed to appeal to a global audience

Taking a non-technical approach that makes it accessible to readers of all backgrounds, Understanding and Conducting Information Systems Auditing is an essential resource for anyone auditing information systems.

    Table of Contents

    1. Cover
    2. Contents
    3. Title
    4. Copyright
    5. Dedication
    6. Preface
    7. Acknowledgments
    8. Part One: Conducting an Information Systems Audit
      1. Chapter One: Overview of Systems Audit
        1. Information Systems Audit
        2. Information Systems Auditor
        3. Legal Requirements of an Information Systems Audit
        4. Systems Environment and Information Systems Audit
        5. Information Systems Assets
        6. Classification of Controls
        7. The Impact of Computers on Information
        8. The Impact of Computers on Auditing
        9. Information Systems Audit Coverage
      2. Chapter Two: Hardware Security Issues
        1. Hardware Security Objective
        2. Peripheral Devices and Storage Media
        3. Client-Server Architecture
        4. Authentication Devices
        5. Hardware Acquisition
        6. Hardware Maintenance
        7. Management of Obsolescence
        8. Disposal of Equipment
        9. Problem Management
        10. Change Management
        11. Network and Communication Issues
      3. Chapter Three: Software Security Issues
        1. Overview of Types of Software
        2. Elements of Software Security
        3. Control Issues during Installation and Maintenance
        4. Licensing Issues
        5. Problem and Change Management
      4. Chapter Four: Information Systems Audit Requirements
        1. Risk Analysis
        2. Threats, Vulnerability, Exposure, Likelihood, and Attack
        3. Information Systems Control Objectives
        4. Information Systems Audit Objectives
        5. System Effectiveness and Efficiency
        6. Information Systems Abuse
        7. Asset Safeguarding Objective and Process
        8. Evidence Collection and Evaluation
        9. Logs and Audit Trails as Evidence
      5. Chapter Five: Conducting an Information Systems Audit
        1. Audit Program
        2. Audit Plan
        3. Audit Procedures and Approaches
        4. System Understanding and Review
        5. Compliance Reviews and Tests
        6. Substantive Reviews and Tests
        7. Audit Tools and Techniques
        8. Sampling Techniques
        9. Audit Questionnaire
        10. Audit Documentation
        11. Audit Report
        12. Auditing Approaches
        13. Sample Audit Work-Planning Memo
        14. Sample Audit Work Process Flow
      6. Chapter Six: Risk-Based Systems Audit
        1. Conducting a Risk-Based Information Systems Audit
        2. Risk Assessment
        3. Risk Matrix
        4. Risk and Audit Sample Determination
        5. Audit Risk Assessment
        6. Risk Management Strategy
      7. Chapter Seven: Business Continuity and Disaster Recovery Plan
        1. Business Continuity and Disaster Recovery Process
        2. Business Impact Analysis
        3. Incident Response Plan
        4. Disaster Recovery Plan
        5. Types of Disaster Recovery Plans
        6. Emergency Preparedness Audit Checklist
        7. Business Continuity Strategies
        8. Business Resumption Plan Audit Checklist
        9. Recovery Procedures Testing Checklist
        10. Plan Maintenance Checklist
        11. Vital Records Retention Checklist
        12. Forms and Documents
      8. Chapter Eight: Auditing in the E-Commerce Environment
        1. Introduction
        2. Objectives of an Information Systems Audit in the E-Commerce Environment
        3. General Overview
        4. Auditing E-Commerce Functions
        5. E-Commerce Policies and Procedures Review
        6. Impact of E-Commerce on Internal Control
      9. Chapter Nine: Security Testing
        1. Cybersecurity
        2. Cybercrimes
        3. What is Vulnerable to Attack?
        4. How Cyberattacks Occur
        5. What is Vulnerability Analysis?
        6. Cyberforensics
        7. Digital Evidence
      10. Chapter Ten: Case Study: Conducting an Information Systems Audit
        1. Important Security Issues in Banks
        2. Implementing an Information Systems Audit at a Bank Branch
        3. Special Considerations in a Core Banking System
    9. Part Two: Information Systems Auditing Checklists
      1. Chapter Eleven: ISecGrade Auditing Framework
        1. Introduction
        2. Licensing and Limitations
        3. Methodology
        4. Domains
        5. Grading Structure
        6. Selection of Checklist
        7. Format of Audit Report
        8. Using the Audit Report Format
      2. Chapter Twelve: ISecGrade Checklists
        1. Checklist Structure
        2. Information Systems Audit Checklists
      3. Chapter Thirteen: Session Quiz
        1. Chapter 1: Overview of Systems Audit
        2. Chapter 2: Hardware Security Issues
        3. Chapter 3: Software Security Issues
        4. Chapter 4: Information Systems Audit Requirements
        5. Chapter 5: Conducting an Information Systems Audit
        6. Chapter 6: Risk-Based Systems Audit
        7. Chapter 7: Business Continuity and Disaster Recovery Plan
        8. Chapter 8: Auditing in the E-Commerce Environment
        9. Chapter 9: Security Testing
    10. About the Authors
    11. About the Website
    12. Index