Auditor's Guide to IT Auditing
About This Book
Step-by-step guide to successful implementation and control of IT systems—including the Cloud
Many auditors are unfamiliar with the techniques they need to know to efficiently and effectively determine whether information systems are adequately protected. Now in a Second Edition, Auditor's Guide to IT Auditing presents an easy, practical guide for auditors that can be applied to all computing environments.
- Follows the approach used by the Information System Audit and Control Association's model curriculum, making this book a practical approach to IS auditing
- Serves as an excellent study guide for those preparing for the CISA and CISM exams
- Includes discussion of risk evaluation methodologies, new regulations, SOX, privacy, banking, IT governance, CobiT, outsourcing, network management, and the Cloud
- Includes a link to an education version of IDEA--Data Analysis Software
As networks and enterprise resource planning systems bring resources together, and as increasing privacy violations threaten more organizations, information systems integrity becomes more important than ever. Auditor's Guide to IT Auditing, Second Edition empowers auditors to effectively gauge the adequacy and effectiveness of information systems controls.
PART ONE
IT Audit Process
CHAPTER ONE
Technology and Audit
- Understand the technology currently in use in business
- Understand the jargon and its meaning
- Define the components of control in an IT environment
- Briefly explain who the players are and what their roles are
- Define the fundamental differences between batch and online systems
- Explain the principal business risks within each processing type
- Describe the components that make up the online system and the effect these have on control objectives
- Explain the controls within each type of computer system
- Contrast the basics of batch and online security
- Demonstrate an ability to:
  - Identify the differing types of database structures
  - Identify the principal components of each type of Database Management System (DBMS)
  - Identify the primary threats to each of these components
  - Relate DBMS components to the operating system environment in which they operate
  - Identify potential control opportunities and select among control alternatives
  - Identify the principal DBMS products in the market
  - Recognize vulnerabilities in multiple DBMS environments and make appropriate recommendations
TECHNOLOGY AND AUDIT
Some Computing Jargon
Hardware
- CPU. The Central Processing Unit is the heart of the computer. This is the logic unit that handles the arithmetic processing of all calculations.
- Peripherals. Peripheral devices are those devices that attach to the CPU to handle—typically—inputs and outputs. These include:
  - Terminals
  - Printers
  - Disk and tape devices
- Memory. Memory takes the form in modern computers of silicon chips capable of storing information. In commercial computers, this information takes the form of 1 and 0 in the notation known as binary. Memory comes in various forms including:
  - RAM. Random Access Memory, whose contents can be changed but which is vulnerable to loss of power, in which case the contents of memory may also be lost. This type of memory is also known as dynamic or volatile memory.
  - ROM. Read-Only Memory is a form of memory whereby instructions are “burned-in” and not lost in the event of a power loss. These programs cannot be changed. This is also known as non-volatile memory.
  - PROM. Programmable Read-Only Memory is similar to ROM but can have the contents changed.
  - EPROM. Erasable Programmable Read-Only Memory is similar to PROM but the instructions can be erased by ultra-violet light. There is another version of memory known as nonvolatile RAM. This is memory that has been attached to a battery so that, in the event of a power loss, the contents will not be lost.
- Mainframe. Mainframe computers are the large (physically as well as in power) computers used by companies to carry out large-volume processing and concentrated computing.
- Mini. Minicomputers are physically smaller than mainframes, although the power of many minicomputers exceeds that of recent mainframes.
- Micro. Microcomputers are physically small computers with limited processing power and storage. Having said that, the power and capacity of today’s micro is equivalent to that of a mainframe only five years ago.
- LANs. Local Area Networks are collections of computers linked together within a comparatively small area.
- WANs. Wide Area Networks are collections of computers spread over a large geographic area.
Storage
- Bits. Binary Digits, individual ones and zeros
- Bytes. Collections of Bits making up individual characters
- Disks. Large-capacity storage devices containing anything from 10 Mb to 150 Gb of data
- Diskettes. Small-capacity removable disks containing from 360 k to 100 Mb of data
- Optical Disks. Laser-encoded disks containing between 650 Mb and 9 GB of data
- Tapes. Reel-to-Reel or cassettes that store data
- Memory. See Memory under the Hardware section
Communications
- Terminals. Remote devices allowing the input and output of data and programs to and from the computer.
- Modem. MOdulator/DEModulator, which translates digital computer signals into analog signals for telephone wires and retranslates them at the other end.
- Multiplexer. A device that combines signals from a variety of devices to maximize utilization of expensive communication lines.
- Cable. Metallic cable, usually copper, which can carry the signal between computers. These may come in the form of “twisted pair,” where two or more cables are strung together within a plastic sleeve, or in the form of coaxial, where a cable runs within a metallic braiding in the same manner as a television aerial cable.
- Fiber Optics. These consist of fine strands of fiberglass or plastic filaments that carry light signals without the need for electrical insulation. They have extremely high capacity and transfer rates but are expensive.
- Microwave. This form of communication involves sending high-power signals from a transmitter to a receiver. They work on a direct line-of-sight basis but require no cables.
Input
- Cards. Rarely seen nowadays, punch cards were among the first input and output media and consisted of cardboard sheets, some 8 inches by 4 inches with 80 columns, where rectangular holes could be punched in combinations to represent numeric, alphabetic, and special characters.
- Paper Tape. Another early input/output medium, paper tape was a low-cost alternative to punch cards and consisted of a one-inch wide paper tape with circular holes punched in it to form the same range of characters.
- Keyboards. The most common input device today (although that is changing). Most keyboards are still based on the original typist’s QWERTY keyboard design.
- Mouse. An electromechanical pointing device used for inputting instructions in real time.
- Scanners. Optical device...
Table of contents
- Cover
- Content
- Series Page
- Title Page
- Copyright
- Dedication
- Preface
- PART ONE: IT Audit Process
- PART TWO: Information Technology Governance
- PART THREE: Systems and Infrastructure Lifecycle Management
- PART FOUR: Information Technology Service Delivery and Support
- PART FIVE: Protection of Information Assets
- PART SIX: Business Continuity and Disaster Recovery
- PART SEVEN: Advanced IT Auditing
- APPENDIX A: Ethics and Standards for the IS Auditor
- APPENDIX B: Audit Program for Application Systems Auditing
- APPENDIX C: Logical Access-Control Audit Program
- APPENDIX D: Audit Program for Auditing UNIX/Linux Environments
- APPENDIX E: Audit Program for Auditing Windows VISTA and Windows 7 Environments
- About the Author
- About the Website
- Index
- End User License Agreement