INFORMATION SECURITY AUDIT

How Should Organizational Information Systems Be Audited For Security?

How Should Organizational Information Systems Be Audited For Security?

Introduction

In the beginning of the computer era, many people were suspect of their ability to replace humankind performing complex tasks. The numbers from newspaper claims and invoices were joined into your pc system, which would execute data and make reports. Computers were audited using choosing techniques. An auditor would collect the original newspaper claims and invoices, personally execute the data used to make each report, and compare the results of the manual computation with those generated by your pc system. However, these exercises also sometimes produced conclusions of scams. Fraud activities varied from data entry individual changing check payees to developers making deliberate rounding mistakes developed to obtain cash bills in vague accounts. As auditors acknowledged saying styles of scams, they recommended a variety of safety measures developed to automatically prevent, identify, or recover from theft of assets.

Discussion

As computers became more innovative, auditors recognized that they had less and fewer results related to the correctness of details and more and more on the side of not approved access. Moreover, the difficulties that were designed to sustain correctness of details were incorporated as application change management methods. These depend extremely on security to use addresses over segregation of responsibilities between collection, analyzing, and rendering personnel. This recommended that even collection changes seen in some evaluate for their efficiency on pc system security addresses. These days, details techniques examine seems almost symbolic of details security control examining.

Security Audit

The phrase "audit" can deliver shivers down the back of the most battle-hardened professional. This implies that an small company is going to perform an official published evaluation of one or more essential elements of the company. Economical audits is the most standard exams an enterprise supervisor activities. However, they are unlikely to be knowledgeable with details protection audits; that is, an analyze of how the privacy, availableness and reliability of a company details are certain.

Computer security auditors execute their work though personal interview, weaknesses tests, evaluation of configurations, descriptions of system stocks, and standard data. They are worried generally with how security guidelines - the groundwork of any successful firm security technique - are actually used (Helms & Mancino, 1998).

Information System Audit Process

Audit is a part of the overall audit process, which is good for enterprise administration. While there is no single around the world information of IS audit, scientists have recognized it as EDP auditing program which follows the process of collecting and analyzing confirmation to decide whether a program or details program protection precautions alternatives, keeps details excellence, does company goals efficiently and uses alternatives effectively (Hayes, 2003).

Information methods are the middle of any large enterprise. As in the past, computer systems do not merely history buys, but actually drive the key enterprise methods of the enterprise. The purpose of IS audit is to review and provide opinions, guarantees and suggestions. These concerns can be organized under three large heads:

Availability

Confidentiality

Integrity

Elements of Information System Audit

A ...