Understanding And Conducting Information Systems Auditing

The increased dependence on information systems assets for performing critical functions of an organization has enhanced the need for using an information systems audit as a control to ensure confidentiality, integrity, and availability of information systems resources. But in order to achieve these goals, auditors in this field face some difficult challenges, including the absence of a standardized audit approach and the lack of relevant checklists. As experts in the information systems arena, authors Veena Hingarh and Arif Ahmed are quite familiar with these important issues. And now, with Understanding and Conducting Information Systems Auditing, they share their valuable insights with you. Divided into two comprehensive parts, this practical guide focuses on the subject of information systems audit as one driven by management not technology. Part One skillfully provides the knowledge that all information systems auditors must have to effectively perform their job. The ten chapters included here progressively build up your competence for conducting a real-life information systems audit as they cover everything from hardware and software security issues to business continuity and disaster recovery plans. Part Two of the book explains the process involved in conducting an ISecGrade audit for awarding security grade to an auditee and contains forty domain-specific checklists under the ISecGrade methodology a proprietary open source information systems audit methodology developed by the South Asian Management Technologies Foundation. Various checklists, regulatory guidelines, and best practice standards were consulted to develop these checklists as well as the authors' personal experiences with conducting information systems audits. Complete with the most up-to-date information you need to understand the subject, definitions of technical terms, checklists to conduct audits, and a session quiz to review the level of your understanding, this book is an indispensable resource for the information systems practitioner and aspiring professional. Engaging and accessible, Understanding and Conducting Information Systems Auditing will help you make information technology installation across the world more secure.