StudentShare
Contact Us
Sign In / Sign Up for FREE
Search
Go to advanced search...
Free

How Should Organizational Information Systems Be Audited for Security - Essay Example

Cite this document
Summary
"How Should Organizational Information Systems Be Audited for Security" paper argues that the process of tackling information security risks varies and depends on the nature of the processing carried out by the business and the sensitivity of the data and information which is being processed…
Download full paper File format: .doc, available for editing
GRAB THE BEST PAPER98.8% of users find it useful
How Should Organizational Information Systems Be Audited for Security
Read Text Preview

Extract of sample "How Should Organizational Information Systems Be Audited for Security"

ID # How should organizational information systems be audited for security Paper Information security auditing is a process of carrying out self-governing assessments of an organization’s processes, policies, measures, standards and practices implemented in an attempt to protect electronic information from loss, damage, rejection of availability or unintended disclosure. In addition, the extensive scope of work comprises the evaluation of wide-ranging processes and application controls. Additionally, the present condition of technology necessitates audit steps that share to testing methods of access paths appearing due to the connectivity of LAN or local-area networks, WAN or wide-area networks, Internet, intranet etc., in the information technology environment (U. S. General Accounting Office; Mandol and Verma; Cert-In; Stanford University; Davis). At the present, businesses should take a number of steps in an attempt to formulate or improve an IS security audit facility. For instance, organizations must clearly outline their business goals and aims. After that, the business should evaluate its own information security audit readiness. However, this kind of evaluation requires from organizations to recognize a variety of matter such as reporting limitations, legal problems, the audit situation, security and safety vulnerabilities, abilities automated tools and associated costs. Additionally, it is essential for the organizations to plan how to decide what information systems security audit projects should be performed for instance both stand-alone information system security audit projects and those projects which require support from the information systems security audit potential. Thus, when the planning stage is successfully completed, businesses should be able to connect the aims and objectives selected in the initial phase to the tasks required for their completion. On the other hand, all through the process, businesses should not ignore the resources exist on the Web intended for research and training (U. S. General Accounting Office; Mandol and Verma; Cert-In; Stanford University; Davis). Moreover, making a decision regarding organization’s aims and objectives for developing or improving an information system’s security audit capability will support them in determining and understanding the varieties of skills, tools and training required to carry out this process. In this scenario, it is essential for the organizations to define objectives and aims earlier without initial recognition like that how and by whom the business aims and objectives would be convened (for instance, whether organization resources would be contractor, in-house, shared staff or a number of combinations). In addition, establishment of temporary milestones will facilitate in attaining a staged accomplishment of organization’s desired policy. Additionally, while constructing an information system security audit potential, administration should review the organization’s information systems security audit willingness by keeping in mind the applicable issues. In this scenario, the implementation of a baseline by recognizing powers and faults will facilitate an organization to choose a most excellent system to proceed (U. S. General Accounting Office; Mandol and Verma; Cert-In; Stanford University; Davis). Moreover, the process of tackling information security risks varies and depends on the nature of the processing carried out by the business and sensitivity of the data and information which is being processed. However, to completely judge these issues and risks, the auditor should completely understand information about the business’s computer operations and major applications. In this scenario, a most important part of planning to produce or improve a successful information systems security audit potential can encompass activities such as assessing the present staff’s skills, knowledge and capabilities to decide what the audit capability is at the present and what knowledge have to be obtained (U. S. General Accounting Office; Mandol and Verma; Cert-In; Stanford University; Davis). COBIT is an information technology governance structure and toolset that facilitates managers to bridge the gap among control needs, technical issues and company risks. In addition, COBIT allows organizations to build and implement an apparent policy and high-quality practice for IT control all through business. Moreover, COBIT highlights authoritarian fulfillment, facilitates the business to augment the value achieved from IT, facilitates arrangement and simplifies completion of the COBIT structure (ISACA.). Paper 2 For this paper we have selected TOPCAATS, AUDIMATION and ACL. These are auditing software applications. In this section I will discuss these applications from the cost and performance point of view. I have listed below the websites for each application: http://www.topcaats.com/ http://www.audimation.com/ http://www.acl.com/ The table given below outlines the description of the above given tools: Name of the tool Brief description of the program and what it claims to do Specific business needs being addressed by program and value delivered by it Your reasons why you decided to check it out (first impression) Your overall evaluation of it, to the degree that you can judge; is it something you'd use?  Why? (Please comment also on the effectiveness of the demo itself) http://www.topcaats.com/ TopCAATs is used by a broad variety of Audit, Accounting and Finance Professionals.  For the assessment of the systems from the cost point of view TopCAATs are less than ? of the cost of IDEA or ACL applications.  TopCAATs are the complete subject to the parallel boundaries similar to the Excel and are equivalent to Excel 2003 with 65,536 rows.  TopCAATs are easy to use at each level. They offer a lot of features which are easy to use.  The exclusive color coded input data and information boxes (inputs are red if they hold invalid data or missing value, and green in case if they hold valid data), easy perceptive user-forms as well as inbuilt help, outcome in negligible (if any) training needs.   http://www.audimation.com/  It allows the organizations to carry out data analysis and help organizations access, analyze and share data. It allows professionals to make best use of the powerful functionality and rich features it provides by means of technical facilities and support, training, user groups and fraud seminars.    It offers a commanding and easy to use application intended to facilitate the organizations and individuals in accounting and auditing and documentation. http://www.acl.com/  IDEA and ACL are jointly unlimited to the amount of data and information that they are capable to inspect (restricted only in the course of the size of our hard disk).  IDEA and ACL are much quicker at analyzing data as compared to TopCAATs, even though none of the systems were mainly slow.  Both IDEA and ACL allow for printing files, allows us to simply describe the fields as well as strip out the headers.  Both ACL and IDEA offer easy to use features. Both these applications are executed totally inside Excel. Summary and conclusions from a user and organizational level  While selecting Generalized Audit Software, organizations must keep in mind various factors, such as data analysis characteristics, easy to use features, price, importation needs, etc. In addition, before selecting and purchasing costly software for the entire department, start small as well as begin with some of these methods to carry out important business operations.  TopCAATs works well with Excel, thus they can be employed on a great deal more regular basis, as well as this decompose of knowledge over time is a great deal fewer profound. Cumulative learning Information system auditing has become essential for the organizations which heavily depend on data and information. This assignment has helped me to learn about the process of information system auditing and why it is carried out. I have learned about different tools and applications which can be used by the organizations to carry out auditing process. For this research I have conducted experiments while using different applications. This assignment helped me to learn which application/tool is useful in specific scenario. Works Cited Cert-In. EMPANELLED OF INFORMATION SECURITY AUDITING ORGANISATIONS. 2011. 20 November 2011 . Davis, Robert E. Auditing Information Security Management . 2011. 20 November 2011 . ISACA. COBIT Framework for IT Governance and Control . 2011. 24 November 2011 . Mandol, Puja S and Monika Verma. IT Audit Seminar organized by National Audit Office, China Paper on “Formulation of IT Auditing Standards”. 01 September 2004. 21 November 2011 . Stanford University. Stanford IT Audits. 03 November 2011. 24 November 2011 . U. S. General Accounting Office. Management Planning Guide for Information Systems Security Auditing. 10 December 2001. 20 November 2011 . Read More
Cite this document
  • APA
  • MLA
  • CHICAGO
(“How Should Organizational Information Systems Be Audited for Security Essay”, n.d.)
How Should Organizational Information Systems Be Audited for Security Essay. Retrieved from https://studentshare.org/information-technology/1437331-how-should-organizational-information-systems-be
(How Should Organizational Information Systems Be Audited for Security Essay)
How Should Organizational Information Systems Be Audited for Security Essay. https://studentshare.org/information-technology/1437331-how-should-organizational-information-systems-be.
“How Should Organizational Information Systems Be Audited for Security Essay”, n.d. https://studentshare.org/information-technology/1437331-how-should-organizational-information-systems-be.
  • Cited: 0 times

CHECK THESE SAMPLES OF How Should Organizational Information Systems Be Audited for Security

Information Systems Audit and Control: Computer Fraud

In the paper “information systems Audit and Control: Computer Fraud” the author discusses computer frauds, which can inflict enormous damage to an organization and community.... In addition, it is probably because Information security is traditional "not a key factor" (OTA, 1987, p.... he reality that electronic or information technology-based commerce is too tempting for an individual who has at least some background on how the system works and in the case of this former employee, he is much aware of the vulnerabilities of the system....
8 Pages (2000 words) Essay

IT Audit & Security controls at ABC Company

security of information is foremost concern for most of the organizations planning for mobile deployment.... Some of the major risks deploying mobile devices are as follows:Loss or theft of mobile deviceSpreading of virus and wormNetwork compromises Organizations can overcome the risk associated with mobile workforce to some extent by applying various security and precautionary measures.... security of information is foremost concern for most of the organizations planning for mobile deployment....
25 Pages (6250 words) Essay

Fundamentals of Information and Information Systems

The concept behind e-services is there's a particular task, asset, or capability that you want to gain access to, that now can be made available to you over the Net, because it's now being created as an Internet service. This report pertains to the current position of Hewlett Packard (HP) information systems, its current business problems and the way ahead for this business organization.... At this point HP's corporate software and support division and corporate systems...
15 Pages (3750 words) Essay

Information System Security

To ensure this, adequate and effective risk management practices must be in place – that is, risk management must be effectively integrated into an organization's existing security model, having readily available solutions for security threats and being ever vigilant for novel security threats as they develop.... The purpose of this study is to identify the role of risk management as part of the security model of modern information systems.... For the identification of the risks faced by modern information systems, the researcher identified and presented the most common risks and threats a modern information system faces today and how they have developed over time....
56 Pages (14000 words) Essay

Information Security Management of BS 7799

This paper "Information security Management of BS 7799" focuses on the fact that BS 7799 is the most influential globally recognised standard for information security management systems around the world.... security and safeguard of information were handled very informally till the '90s.... BS7799, which now has the international number ISO 27001:2005, is the international best practice information security management standard, defining and guiding Information security Management System development....
6 Pages (1500 words) Case Study

Statutory Audits, Information Security and the Digital Divide

This paper examines the role of information security professionals in controlling risks in a period of fast IT growth and the role of corporate governance and statutory audit in ensuring that those systems are working.... hellip; With more information circulating with the bridging of the digital divide, there is a need for information security professionals to play a proactive role in the company.... The main stakeholders of information security matters include information security managers, IT managers, other managers and end-users in the organization....
9 Pages (2250 words) Research Paper

Framework and Assumptions for Creation of Information Security System

his is mostly because of the changing pattern of marketing trends and the competition level; industries are becoming more and more concerned regarding the confinement of their organizational information to prevent the competitors from imitating it.... The paper "Framework and Assumptions for Creation of Information security System" discusses that before understanding the concepts of online system security, it is necessary to attain a detailed understanding regarding the type of security breaches that might occur in the present information network....
13 Pages (3250 words) Coursework

Management of Information Security

In addition to earthquakes, organizational information systems may be threatened by the temperature levels of a location.... In addition, Lindstrom (2003) explains that wildfires may bring about a catastrophic effect on information systems in a given organization if they fully or partially destroy the buildings in which computers are stored.... Moreover, areas with powerful seismic waves experience frequent earthquakes, thus causing a substantial threat to information systems in these areas....
13 Pages (3250 words) Literature review
sponsored ads
We use cookies to create the best experience for you. Keep on browsing if you are OK with that, or find out how to manage cookies.
Contact Us