IT Audit, Control, and Security - Robert R. Moeller - E-Book

IT Audit, Control, and Security E-Book

Robert R. Moeller

Description

When it comes to computer security, the role of auditors today has never been more crucial. Auditors must ensure that all computers, in particular those dealing with e-business, are secure. The only source for information on the combined areas of computer audit, control, and security, IT Audit, Control, and Security describes the types of internal controls, security, and integrity procedures that management must build into its automated systems. This very timely book provides auditors with the guidance they need to ensure that their systems are secure from both internal and external threats.


Page count: 1505

Publication year: 2010




Contents

Cover

Contents

Title page

Copyright

Dedication

Introduction

PART ONE: Auditing Internal Controls in an IT Environment

CHAPTER ONE: SOx and the COSO Internal Controls Framework

ROLES AND RESPONSIBILITIES OF IT AUDITORS

IMPORTANCE OF EFFECTIVE INTERNAL CONTROLS AND COSO

COSO INTERNAL CONTROL SYSTEMS MONITORING GUIDANCE

SARBANES-OXLEY ACT

WRAPPING IT UP: COSO INTERNAL CONTROLS AND SOX

NOTES

CHAPTER TWO: Using CobiT to Perform IT Audits

INTRODUCTION TO CobiT

CobiT FRAMEWORK

USING CobiT TO ASSESS INTERNAL CONTROLS

USING CobiT IN A SOX ENVIRONMENT

CobiT ASSURANCE FRAMEWORK GUIDANCE

CobiT IN PERSPECTIVE

NOTES

CHAPTER THREE: IIA and ISACA Standards for the Professional Practice of Internal Auditing

INTERNAL AUDITING’S INTERNATIONAL PROFESSIONAL PRACTICE STANDARDS

CONTENT OF THE IPPF AND THE IIA INTERNATIONAL STANDARDS

STRONGLY RECOMMENDED IIA STANDARDS GUIDANCE

ISACA IT AUDITING STANDARDS OVERVIEW

CODES OF ETHICS: THE IIA AND ISACA

NOTES

CHAPTER FOUR: Understanding Risk Management Through COSO ERM

RISK MANAGEMENT FUNDAMENTALS

QUANTITATIVE RISK ANALYSIS TECHNIQUES

IIA AND ISACA RISK MANAGEMENT INTERNAL AUDIT GUIDANCE

COSO ERM: ENTERPRISE RISK MANAGEMENT

IT AUDIT RISK AND COSO ERM

NOTES

CHAPTER FIVE: Performing Effective IT Audits

IT AUDIT AND THE ENTERPRISE INTERNAL AUDIT FUNCTION

ORGANIZING AND PLANNING IT AUDITS

DEVELOPING AND PREPARING AUDIT PROGRAMS

GATHERING AUDIT EVIDENCE AND TESTING RESULTS

WORKPAPERS AND REPORTING IT AUDIT RESULTS

PREPARING EFFECTIVE IT AUDITS

NOTES

PART TWO: Auditing IT General Controls

CHAPTER SIX: General Controls in Today’s IT Environments

IMPORTANCE OF IT GENERAL CONTROLS

IT GOVERNANCE GENERAL CONTROLS

IT MANAGEMENT GENERAL CONTROLS

IT TECHNICAL ENVIRONMENT GENERAL CONTROLS

NOTE

CHAPTER SEVEN: Infrastructure Controls and ITIL Service Management Best Practices

ITIL SERVICE MANAGEMENT BEST PRACTICES

ITIL’S SERVICE STRATEGIES COMPONENT

ITIL SERVICE DESIGN

ITIL SERVICE TRANSITION MANAGEMENT PROCESSES

ITIL SERVICE OPERATION PROCESSES

SERVICE DELIVERY BEST PRACTICES

AUDITING IT INFRASTRUCTURE MANAGEMENT

NOTE

CHAPTER EIGHT: Systems Software and IT Operations General Controls

IT OPERATING SYSTEM FUNDAMENTALS

FEATURES OF A COMPUTER OPERATING SYSTEM

OTHER SYSTEMS SOFTWARE TOOLS

CHAPTER NINE: Evolving Control Issues: Wireless Networks, Cloud Computing, and Virtualization

UNDERSTANDING AND AUDITING IT WIRELESS NETWORKS

UNDERSTANDING CLOUD COMPUTING

STORAGE MANAGEMENT VIRTUALIZATION

PART THREE: Auditing and Testing IT Application Controls

CHAPTER TEN: Selecting, Testing, and Auditing IT Applications

IT APPLICATION CONTROL ELEMENTS

SELECTING APPLICATIONS FOR IT AUDIT REVIEWS

PERFORMING AN APPLICATIONS CONTROLS REVIEW: PRELIMINARY STEPS

COMPLETING THE IT APPLICATIONS CONTROLS AUDIT

APPLICATION REVIEW CASE STUDY: CLIENT-SERVER BUDGETING SYSTEM

AUDITING APPLICATIONS UNDER DEVELOPMENT

IMPORTANCE OF REVIEWING IT APPLICATION CONTROLS

NOTES

CHAPTER ELEVEN: Software Engineering and CMMi

SOFTWARE ENGINEERING CONCEPTS

CMMI: CAPABILITY MATURITY MODEL FOR INTEGRATION

CMMI BENEFITS

IT AUDIT, INTERNAL CONTROL, AND CMMI

NOTE

CHAPTER TWELVE: Auditing Service-Oriented Architectures and Record Management Processes

SERVICE-ORIENTED COMPUTING AND SERVICE-DRIVEN APPLICATIONS

IT AUDITING IN SOA ENVIRONMENTS

ELECTRONIC RECORDS MANAGEMENT INTERNAL CONTROL ISSUES AND RISKS

IT AUDITS OF ELECTRONIC RECORDS MANAGEMENT PROCESSES

NOTES

CHAPTER THIRTEEN: Computer-Assisted Audit Tools and Techniques

UNDERSTANDING COMPUTER-ASSISTED AUDIT TOOLS AND TECHNIQUES

DETERMINING THE NEED FOR CAATTS

CAATT SOFTWARE TOOLS

STEPS TO BUILDING EFFECTIVE CAATTS

IMPORTANCE OF CAATTS FOR AUDIT EVIDENCE GATHERING

CHAPTER FOURTEEN: Continuous Assurance Auditing, OLAP, and XBRL

IMPLEMENTING CONTINUOUS ASSURANCE AUDITING

BENEFITS OF CONTINUOUS ASSURANCE AUDITING TOOLS

DATA WAREHOUSES, DATA MINING, AND OLAP

XBRL: THE INTERNET-BASED EXTENSIBLE MARKUP LANGUAGE

NEWER TECHNOLOGIES, THE CONTINUOUS CLOSE, AND IT AUDIT

NOTES

PART FOUR: Importance of IT Governance

CHAPTER FIFTEEN: IT Controls and the Audit Committee

ROLE OF THE AUDIT COMMITTEE FOR IT AUDITORS

AUDIT COMMITTEE APPROVAL OF INTERNAL AUDIT PLANS AND BUDGETS

AUDIT COMMITTEE BRIEFINGS ON IT AUDIT ISSUES

AUDIT COMMITTEE REVIEW AND ACTION ON SIGNIFICANT IT AUDIT FINDINGS

IT AUDIT AND THE AUDIT COMMITTEE

CHAPTER SIXTEEN: Val IT, Portfolio Management, and Project Management

VAL IT: ENHANCING THE VALUE OF IT INVESTMENTS

IT SYSTEMS PORTFOLIO AND PROGRAM MANAGEMENT

PROJECT MANAGEMENT FOR IT AUDITORS

NOTES

CHAPTER SEVENTEEN: Compliance with IT-Related Laws and Regulations

COMPUTER FRAUD AND ABUSE ACT

COMPUTER SECURITY ACT OF 1987

GRAMM-LEACH-BLILEY ACT

HIPAA: HEALTHCARE AND MUCH MORE

OTHER PERSONAL PRIVACY AND SECURITY LEGISLATIVE REQUIREMENTS

IT-RELATED LAWS, REGULATIONS, AND AUDIT STANDARDS

CHAPTER EIGHTEEN: Understanding and Reviewing Compliance with ISO Standards

BACKGROUND AND IMPORTANCE OF ISO STANDARDS IN A WORLD OF GLOBAL COMMERCE

ISO STANDARDS OVERVIEW

ISO 19011 QUALITY MANAGEMENT SYSTEMS AUDITING

ISO STANDARDS AND IT AUDITORS

NOTES

CHAPTER NINETEEN: Controls to Establish an Effective IT Security Environment

GENERALLY ACCEPTED SECURITY STANDARDS

EFFECTIVE IT PERIMETER SECURITY

ESTABLISHING AN EFFECTIVE, ENTERPRISE-WIDE SECURITY STRATEGY

BEST PRACTICES FOR IT AUDIT AND SECURITY

NOTES

CHAPTER TWENTY: Cybersecurity and Privacy Controls

IT NETWORK SECURITY FUNDAMENTALS

IT SYSTEMS PRIVACY CONCERNS

PCI-DSS FUNDAMENTALS

AUDITING IT SECURITY AND PRIVACY

SECURITY AND PRIVACY IN THE INTERNAL AUDIT DEPARTMENT

NOTES

CHAPTER TWENTY-ONE: IT Fraud Detection and Prevention

UNDERSTANDING AND RECOGNIZING FRAUD IN AN IT ENVIRONMENT

RED FLAGS: FRAUD DETECTION SIGNS FOR IT AND OTHER INTERNAL AUDITORS

PUBLIC ACCOUNTING’S ROLE IN FRAUD DETECTION

IIA STANDARDS AND ISACA MATERIALS FOR DETECTING AND INVESTIGATING FRAUD

IT AUDIT FRAUD RISK ASSESSMENTS

IT AUDIT FRAUD INVESTIGATIONS

IT FRAUD PREVENTION PROCESSES

FRAUD DETECTION AND THE IT AUDITOR

NOTES

CHAPTER TWENTY-TWO: Identity and Access Management

IMPORTANCE OF IDENTITY AND ACCESS MANAGEMENT

IDENTITY MANAGEMENT PROCESSES

SEPARATION OF DUTIES IDENTITY MANAGEMENT CONTROLS

ACCESS MANAGEMENT PROVISIONING

AUTHENTICATION AND AUTHORIZATION

AUDITING IDENTITY AND ACCESS MANAGEMENT PROCESSES

NOTE

CHAPTER TWENTY-THREE: Establishing Effective IT Disaster Recovery Processes

IT DISASTER AND BUSINESS CONTINUITY PLANNING TODAY

BUILDING AND AUDITING AN IT DISASTER RECOVERY PLAN

BUILDING THE IT DISASTER RECOVERY PLAN

DISASTER RECOVERY PLANNING AND SERVICE LEVEL AGREEMENTS

NEWER DISASTER RECOVERY PLAN TECHNOLOGIES: DATA MIRRORING TECHNIQUES

AUDITING BUSINESS CONTINUITY PLANS

DISASTER RECOVERY AND BUSINESS CONTINUITY PLANNING GOING FORWARD

NOTES

CHAPTER TWENTY-FOUR: Electronic Archiving and Data Retention

ELEMENTS OF A SUCCESSFUL ELECTRONIC RECORDS MANAGEMENT PROCESS

ELECTRONIC DOCUMENTATION STANDARDS

IMPLEMENTING ELECTRONIC IT DATA ARCHIVING

AUDITING ELECTRONIC DOCUMENT RETENTION AND ARCHIVAL PROCESSES

CHAPTER TWENTY-FIVE: Business Continuity Management, BS 25999, and ISO 27001

IT BUSINESS CONTINUITY MANAGEMENT PLANNING NEEDS TODAY

BS 25999 GOOD PRACTICE GUIDELINES

AUDITING BCM PROCESSES

LINKING THE BCM WITH OTHER STANDARDS AND PROCESSES

NOTES

CHAPTER TWENTY-SIX: Auditing Telecommunications and IT Communications Networks

NETWORK SECURITY CONCEPTS

EFFECTIVE IT NETWORK SECURITY CONTROLS

AUDITING A VPN INSTALLATION

NOTE

CHAPTER TWENTY-SEVEN: Change and Patch Management Controls

IT CHANGE MANAGEMENT PROCESSES

AUDITING IT CHANGE AND PATCH MANAGEMENT CONTROLS

NOTES

CHAPTER TWENTY-EIGHT: Six Sigma and Lean Technologies

SIX SIGMA BACKGROUND AND CONCEPTS

IMPLEMENTING SIX SIGMA

LEAN SIX SIGMA

NOTES

CHAPTER TWENTY-NINE: Building an Effective IT Internal Audit Function

ESTABLISHING AN IT INTERNAL AUDIT FUNCTION

INTERNAL AUDIT CHARTER: AN IMPORTANT IT AUDIT AUTHORIZATION

ROLE OF THE CHIEF AUDIT EXECUTIVE

IT AUDIT SPECIALISTS

IT AUDIT MANAGERS AND SUPERVISORS

INTERNAL AND IT AUDIT POLICIES AND PROCEDURES

ORGANIZING AN EFFECTIVE IT AUDIT FUNCTION

IMPORTANCE OF A STRONG IT AUDIT FUNCTION

NOTE

CHAPTER THIRTY: Professional Certifications: CISA, CIA, and More

CERTIFIED INFORMATION SYSTEMS AUDITOR CREDENTIALS

CERTIFIED INFORMATION SECURITY MANAGER CREDENTIALS

CERTIFICATE IN THE GOVERNANCE OF ENTERPRISE IT

CERTIFIED INTERNAL AUDITOR RESPONSIBILITIES AND REQUIREMENTS

BEYOND THE CIA: OTHER IIA CERTIFICATIONS

CISSP INFORMATION SYSTEMS SECURITY PROFESSIONAL CERTIFICATION

CERTIFIED FRAUD EXAMINER CERTIFICATION

Read on in the full edition!