This document summarizes the requirements for an information systems (IS) auditor. It discusses that an IS auditor must be independent, adhere to ethics codes, and continuously learn. The auditor is also accountable for having sufficient evidence. Fundamental security features of IS include maintaining confidentiality of data, integrity of information, and availability of systems. Operational security examples provided are organizational security like asset classification and control, personnel security, physical security, communications management, system development and maintenance, business continuity, and compliance.
Please refer to the file Formulation of IT Auditing Standards.doc for the required answers.
QUESTIONS:
1. Discuss a summary of the listed generic requirements for IS Audit.
As information system auditors, we have the responsibility to be independent in both attitude and appearance. We have to adhere to the code of professional ethics to be more competent, and we should be willing to adopt new knowledge through continuing professional education. As information system auditors, we are accountable for having sufficient, reliable, relevant and useful evidence for the report that we are working on. We should supervise the information audit staff to ensure that the auditing standards are met.
2. Discuss the three fundamental features of IS in relation to Security Audit.
Confidentiality should be maintained in an information system because there is a lot of data and many files that are not meant to be seen by others. Integrity refers to the completeness of information. It is important in an information system because it provides assurance that the system is reliable. Availability is needed in an information system so that the business can easily continue, with information and operations accessible when they are needed.
3. Discuss, by giving an example, each of the following areas of Operational Systems Security:
a. Organizational Security
b. Asset classification and control
c. Personnel security
d. Physical and environmental security
e. Communications and Operations Management
f. System Development and Maintenance