- Shopping Bag ( 0 items )
Increasingly, auditors, information security professionals, managers, and audit committees are being called upon to assess the risks and evaluate the controls over computer information systems in all types of organizations. However, many of these stakeholders are unfamiliar with the techniques they can use to efficiently and effectively determine whether information systems are adequately protected. Auditing Information Systems, Second Edition presents an easy, practical guide to auditing information systems that can be applied to all computing environments.
With the Second Edition of this popular resource, auditors will be able to examine an organization’s hardware, software, data protection, and processing methods to ensure that adequate controls and security are in place. Little in the way of prerequisite technical know-how is required. Author Jack Champlain begins by explaining the basics of any computer systemthe central processing unit, operating system, and application systemgiving every auditor the tools needed to begin an audit. This is followed by a step-by-step approach for conducting information systems audits, detailing specific procedures that auditors can readily apply to their own organizations. The Second Edition devotes special attention to the issues of most concern to information managers today. It provides over 80 case studies that demonstrate how concepts can be applied in real-world situations. Chapter topics include:
As networks and enterprise resource planning (ERP) systems bring resources together, and as increasing privacy violations and international political volatility threaten more organizations, information systems integrity becomes more important than ever. Auditing Information Systems, Second Edition empowers auditors, information security professionals, managers, and audit committees to effectively gauge the adequacy and effectiveness of information systems controls.
PART ONE: CORE CONCEPTS.
Chapter 1. Basics of Computing Systems.
Chapter 2. Identifying Computer Systems.
PART TWO: STANDARD INFORMATION SYSTEMS AUDIT APPROACH.
Chapter 3. Information Systems Audit Program.
Chapter 4. Information Systems Security Policies, Standards, and/or Guidelines.
Chapter 5. Auditing Service Organization Applications.
Chapter 6. Assessing the Financial Stability of Vendor Organizations, Examining Vendor Organization Contracts, and Examining Accounting Treatment of Computer Equipment and Software.
Chapter 7. Physical Security.
Chapter 8. Logical Security.
Chapter 9. Information Systems Operations.
PART THREE: CONTEMPORARY INFORMATION SYSTEMS AUDITING CONCEPTS.
Chapter 10. Control Self-Assessment and an Application in an Information Systems Environment.
Chapter 11. Encryption and Cryptography.
Chapter 12. Computer Forensics.
Chapter 13. Other Contemporary Information Systems Auditing Challenges.
Chapter 14. Humanistic Aspects of Information Systems Auditing.
Chapter 15. Information Systems Project Management Audits.
Chapter 16. Conclusion.
Appendix A: Professional Auditing Associations and Other Organizations Related to Information Systems Auditing and Computer Security.
Appendix B: Common Criteria for Information Technology Security Evaluation.
Appendix C: The International Organization for Standardization: Seven-Layer Open Systems Interconnection Reference Model.