Welcome to Scribd, the world's digital library. Read, publish, and share books and documents. See more
Standard view
Full view
of .
Look up keyword
Like this
0 of .
Results for:
No results containing your search query
P. 1
National State Auditors Association and the U. S. General Accounting

National State Auditors Association and the U. S. General Accounting



|Views: 65|Likes:
Published by adiltsa

More info:

Categories:Types, Brochures
Published by: adiltsa on Aug 05, 2009
Copyright:Attribution Non-commercial


Read on Scribd mobile: iPhone, iPad and Android.
download as PDF, TXT or read online from Scribd
See more
See less





National State Auditors Associationand theU. S. General Accounting Office
 A Joint Initiative 
Management Planning Guide forInformation Systems Security Auditing
December 10, 2001
References to specific vendors, services, products, and Websites noted throughout this document are included asexamples of information available on information security.Such references do not constitute a recommendation orendorsement. Readers should keep in mind that theaccuracy, timeliness, and value of Web site information can vary widely and should take appropriate steps to verify anyWeb-based information they intend to rely on.
December 10, 2001On behalf of the U. S. General Accounting Office (GAO) and the National State Auditors Association(NSAA), it is our pleasure to present this
Management Planning Guide for Information Systems Security Auditing 
.The rapid and dramatic advances in information technology (IT) in recent years have without questiongenerated tremendous benefits. At the same time, however, they have created significant,unprecedented risks to government operations. Computer security has, in turn, become much moreimportant as all levels of government utilize information systems security measures to avoid datatampering, fraud, disruptions in critical operations, and inappropriate disclosure of sensitiveinformation. Such use of computer security is essential in minimizing the risk of malicious attacksfrom individuals and groups.To be effective in ensuring accountability, auditors must be able to evaluate information systemssecurity and offer recommendations for reducing security risks to an acceptable level. To do so, theymust possess the appropriate resources and skills.This guide is intended to help audit organizations respond to this expanding use of IT and theconcomitant risks that flow from such pervasive use by governments. It applies to any evaluativegovernment organization, regardless of size or current methodology. Directed primarily at executivesand senior managers, the guide covers the steps involved in establishing or enhancing an informationsecurity auditing capability: planning, developing a strategy, implementing the capability, andassessing results.We hope this guide—a cooperative effort among those at the federal, state, and local levels—will assistgovernments in meeting the challenge of keeping pace with the rapid evolution and deployment of newinformation technology. We wish to extend sincere appreciation to the task force responsible for preparing this guide, particularly the work of task force leaders Carol Langelier of GAO and JonIngram of the Office of Florida Auditor General. Additional copies of the guide are available at the Web sites of both GAO (
) and theNational Association of State Auditors, Comptrollers, and Treasurers (
). For furtherinformation about the guide, please contact any of the task force members listed on the next page.Sincerely,David M. WalkerRonald L. JonesComptroller GeneralPresident, NSAAof the United StatesChief Examiner, Alabama

Activity (2)

You've already reviewed this. Edit your review.
1 thousand reads
1 hundred reads

You're Reading a Free Preview

/*********** DO NOT ALTER ANYTHING BELOW THIS LINE ! ************/ var s_code=s.t();if(s_code)document.write(s_code)//-->