Understanding and Conducting Information Systems Auditing

Overview

"This comprehensive book forms a basis for new auditors as well as experienced auditors working within an IT environment. Covering, as it does, such aspects as hardware and software security, the conducting of an information systems risk-based audit, as well as business continuity and disaster recovery planning, it acts as a reference manual as well as an instruction manual. Some of the focal areas such as security testing and vulnerability analysis are of particular benefit to the auditor, and the inclusion of ISecGrade Checklists makes this a must-have addition to any IT auditor's library."

Richard Cascarino, MBA, CIA, CRMA, CFE, CISM

"Network security among organizations remains a major challenge in the evolution of the digital economy. If it were simply a technology issue the organizations could rely on IT engineers to deploy marvels of technological excellence. But ensuring continuous security is more than a mere technical matter. The authors, who are an extraordinary blend of accounting professionals with rich international experience and network security experts (CISA certified), have superbly deployed their own professional expertise to bring out a practical guide to organizational security in the digital economy. Like a master blender they have provided a rich interdisciplinary perspective with centrality of managerial responsibility. The central theme is that both technological design and managerial systems must continuously evolve in tandem. The book will be an invaluable guide for such organizations that are looking to enhance their management control systems and dynamically evolve along with technological change."

Anil Rawat, PhD, Director, Institute of Business Management & Technology; Director, International Academy for Knowledge, Innovation & Technology Management, Bangalore

"A balanced and practical book that covers all the key elements of information security. While it is an ideal reference for IS/IT managers, auditors, and chartered accountants, the book does not lose relevance for the practitioners of IS, and keeps up to the demands of business and industry by addressing current management and auditing techniques of information security. The templates available in the book are especially useful for quick, out-of-the-box implementation of an in-house or external IS audit. It's a reference book, practitioner's handbook, and a textbook on IS audit rolled into one!"

Mridul Banerjee, CISM, CRISC

"The authors provide an excellent overview of the information systems audit process, with an emphasis on today's evolving newer technologies and issues, such as performing audits in an e-commerce environment and systems security testing. The book is particularly strong in providing good, precise definitions and the audit implications for many of the technology concepts—such as routers, thin clients, or cloud computing—that are frequently used by information system auditors but where accurate definitions are often difficult. This kind of information helps both information system auditing newcomers and experienced professionals.

In addition to a wide range of information systems auditing and risk-based materials, the book has a large section of detailed information systems audit checklists that can be tailored to many environments. The book is an excellent resource for the information systems audit professional."

Robert R. Moeller, CPA, CISA, CISSP, author of multiple books on internal auditing, risk management, and IT governance


Product Details

  • ISBN-13: 9781118343746
  • Publisher: Wiley
  • Publication date: 3/26/2013
  • Series: Wiley Corporate F&A Series , #618
  • Edition number: 1
  • Pages: 304
  • Sales rank: 1,160,859
  • Product dimensions: 7.00 (w) x 10.10 (h) x 1.20 (d)

Meet the Author

VEENA HINGARH is Joint Director of the South Asian Management Technologies Foundation, a center for research, training, and application in the areas of finance and risk management, which provides training in areas including IS auditing, enterprise risk management, and risk modeling. Winner of numerous merit-based awards during her career, Hingarh's major areas of focus are IFRS and IS. She speaks frequently at conferences and platforms throughout Asia and the Middle East. Hingarh is a Chartered Accountant from the Institute of Chartered Accountants of India (ICAI), Certified Company Secretary of the Institute of Company Secretaries of India (ICSI), and Certified Information System Auditor (CISA) from ISACA (USA).

ARIF AHMED is a professor at and Director of the South Asian Management Technologies Foundation as well as a Chartered Accountant from the Institute of Chartered Accountants of India (ICAI). He is an Information Security Management System Lead Auditor for the British Standards Institution. Ahmed's areas of focus are finance and risk management, and he has over two decades of postqualification experience in training and strategic consulting. He has been interviewed and quoted throughout the media and has spoken at various seminars and institutions, including the Institute of Chartered Accountants of India, XLRI, and the Institute of Company Secretaries of India.


Table of Contents

Preface xi

Acknowledgments xv

PART ONE: CONDUCTING AN INFORMATION SYSTEMS AUDIT 1

Chapter 1: Overview of Systems Audit 3

Information Systems Audit 3

Information Systems Auditor 4

Legal Requirements of an Information Systems Audit 4

Systems Environment and Information Systems Audit 7

Information System Assets 8

Classification of Controls 9

The Impact of Computers on Information 12

The Impact of Computers on Auditing 14

Information Systems Audit Coverage 15

Chapter 2: Hardware Security Issues 17

Hardware Security Objective 17

Peripheral Devices and Storage Media 22

Client-Server Architecture 23

Authentication Devices 24

Hardware Acquisition 24

Hardware Maintenance 26

Management of Obsolescence 27

Disposal of Equipment 28

Problem Management 29

Change Management 30

Network and Communication Issues 31

Chapter 3: Software Security Issues 41

Overview of Types of Software 41

Elements of Software Security 47

Control Issues during Installation and Maintenance 53

Licensing Issues 55

Problem and Change Management 56

Chapter 4: Information Systems Audit Requirements 59

Risk Analysis 59

Threats, Vulnerability, Exposure, Likelihood, and Attack 61

Information Systems Control Objectives 61

Information Systems Audit Objectives 62

System Effectiveness and Efficiency 63

Information Systems Abuse 63

Asset Safeguarding Objective and Process 64

Evidence Collection and Evaluation 65

Logs and Audit Trails as Evidence 67

Chapter 5: Conducting an Information Systems Audit 71

Audit Program 71

Audit Plan 72

Audit Procedures and Approaches 75

System Understanding and Review 77

Compliance Reviews and Tests 77

Substantive Reviews and Tests 80

Audit Tools and Techniques 81

Sampling Techniques 84

Audit Questionnaire 85

Audit Documentation 86

Audit Report 87

Auditing Approaches 89

Sample Audit Work-Planning Memo 91

Sample Audit Work Process Flow 93

Chapter 6: Risk-Based Systems Audit 101

Conducting a Risk-Based Information Systems Audit 101

Risk Assessment 104

Risk Matrix 105

Risk and Audit Sample Determination 107

Audit Risk Assessment 109

Risk Management Strategy 112

Chapter 7: Business Continuity and Disaster Recovery Plan 115

Business Continuity and Disaster Recovery Process 115

Business Impact Analysis 116

Incident Response Plan 118

Disaster Recovery Plan 119

Types of Disaster Recovery Plans 120

Emergency Preparedness Audit Checklist 121

Business Continuity Strategies 122

Business Resumption Plan Audit Checklist 123

Recovery Procedures Testing Checklist 126

Plan Maintenance Checklist 126

Vital Records Retention Checklist 127

Forms and Documents 128

Chapter 8: Auditing in the E-Commerce Environment 147

Introduction 147

Objectives of an Information Systems Audit in the E-Commerce Environment 148

General Overview 149

Auditing E-Commerce Functions 150

E-Commerce Policies and Procedures Review 155

Impact of E-Commerce on Internal Control 155

Chapter 9: Security Testing 159

Cybersecurity 159

Cybercrimes 160

What Is Vulnerable to Attack? 162

How Cyberattacks Occur 162

What Is Vulnerability Analysis? 165

Cyberforensics 168

Digital Evidence 170

Chapter 10: Case Study: Conducting an Information Systems Audit 173

Important Security Issues in Banks 174

Implementing an Information Systems Audit at a Bank Branch 180

Special Considerations in a Core Banking System 185

PART TWO: INFORMATION SYSTEMS AUDITING CHECKLISTS 197

Chapter 11: ISecGrade Auditing Framework 199

Introduction 199

Licensing and Limitations 200

Methodology 200

Domains 200

Grading Structure 202

Selection of Checklist 203

Format of Audit Report 206

Using the Audit Report Format 207

Chapter 12: ISecGrade Checklists 209

Checklist Structure 209

Information Systems Audit Checklists 210

Chapter 13: Session Quiz 281

Chapter 1: Overview of Systems Audit 281

Chapter 2: Hardware Security Issues 284

Chapter 3: Software Security Issues 286

Chapter 4: Information Systems Audit Requirements 288

Chapter 5: Conducting an Information Systems Audit 290

Chapter 6: Risk-Based Systems Audit 293

Chapter 7: Business Continuity and Disaster Recovery Plan 294

Chapter 8: Auditing in an E-Commerce Environment 296

Chapter 9: Security Testing 297

About the Authors 299

About the Website 301

Index 303


Customer Reviews
  • Posted July 22, 2014

    The book is like an implementation manual for those who want to set up an efficient information system audit unit in their organisation. A must-have for all IT audit professionals.