IT Audit, Control, and Security

Author: Robert R. Moeller

Publisher: Wiley Professional Development (P&T)

Format: ePub

Print ISBN 9780471406761

Edition: 1

Publication year: 2011

Price: 10,390 ISK

Description

Table of contents

  • Cover
  • Contents
  • Title page
  • Copyright
  • Dedication
  • Introduction
  • PART ONE: Auditing Internal Controls in an IT Environment
  • CHAPTER ONE: SOx and the COSO Internal Controls Framework
  • ROLES AND RESPONSIBILITIES OF IT AUDITORS
  • IMPORTANCE OF EFFECTIVE INTERNAL CONTROLS AND COSO
  • COSO INTERNAL CONTROL SYSTEMS MONITORING GUIDANCE
  • SARBANES-OXLEY ACT
  • WRAPPING IT UP: COSO INTERNAL CONTROLS AND SOX
  • NOTES
  • CHAPTER TWO: Using CobiT to Perform IT Audits
  • INTRODUCTION TO CobiT
  • CobiT FRAMEWORK
  • USING CobiT TO ASSESS INTERNAL CONTROLS
  • USING CobiT IN A SOX ENVIRONMENT
  • CobiT ASSURANCE FRAMEWORK GUIDANCE
  • CobiT IN PERSPECTIVE
  • NOTES
  • CHAPTER THREE: IIA and ISACA Standards for the Professional Practice of Internal Auditing
  • INTERNAL AUDITING’S INTERNATIONAL PROFESSIONAL PRACTICE STANDARDS
  • CONTENT OF THE IPPF AND THE IIA INTERNATIONAL STANDARDS
  • STRONGLY RECOMMENDED IIA STANDARDS GUIDANCE
  • ISACA IT AUDITING STANDARDS OVERVIEW
  • CODES OF ETHICS: THE IIA AND ISACA
  • NOTES
  • CHAPTER FOUR: Understanding Risk Management Through COSO ERM
  • RISK MANAGEMENT FUNDAMENTALS
  • QUANTITATIVE RISK ANALYSIS TECHNIQUES
  • IIA AND ISACA RISK MANAGEMENT INTERNAL AUDIT GUIDANCE
  • COSO ERM: ENTERPRISE RISK MANAGEMENT
  • IT AUDIT RISK AND COSO ERM
  • NOTES
  • CHAPTER FIVE: Performing Effective IT Audits
  • IT AUDIT AND THE ENTERPRISE INTERNAL AUDIT FUNCTION
  • ORGANIZING AND PLANNING IT AUDITS
  • DEVELOPING AND PREPARING AUDIT PROGRAMS
  • GATHERING AUDIT EVIDENCE AND TESTING RESULTS
  • WORKPAPERS AND REPORTING IT AUDIT RESULTS
  • PREPARING EFFECTIVE IT AUDITS
  • NOTES
  • PART TWO: Auditing IT General Controls
  • CHAPTER SIX: General Controls in Today’s IT Environments
  • IMPORTANCE OF IT GENERAL CONTROLS
  • IT GOVERNANCE GENERAL CONTROLS
  • IT MANAGEMENT GENERAL CONTROLS
  • IT TECHNICAL ENVIRONMENT GENERAL CONTROLS
  • NOTE
  • CHAPTER SEVEN: Infrastructure Controls and ITIL Service Management Best Practices
  • ITIL SERVICE MANAGEMENT BEST PRACTICES
  • ITIL’S SERVICE STRATEGIES COMPONENT
  • ITIL SERVICE DESIGN
  • ITIL SERVICE TRANSITION MANAGEMENT PROCESSES
  • ITIL SERVICE OPERATION PROCESSES
  • SERVICE DELIVERY BEST PRACTICES
  • AUDITING IT INFRASTRUCTURE MANAGEMENT
  • NOTE
  • CHAPTER EIGHT: Systems Software and IT Operations General Controls
  • IT OPERATING SYSTEM FUNDAMENTALS
  • FEATURES OF A COMPUTER OPERATING SYSTEM
  • OTHER SYSTEMS SOFTWARE TOOLS
  • CHAPTER NINE: Evolving Control Issues: Wireless Networks, Cloud Computing, and Virtualization
  • UNDERSTANDING AND AUDITING IT WIRELESS NETWORKS
  • UNDERSTANDING CLOUD COMPUTING
  • STORAGE MANAGEMENT VIRTUALIZATION
  • PART THREE: Auditing and Testing IT Application Controls
  • CHAPTER TEN: Selecting, Testing, and Auditing IT Applications
  • IT APPLICATION CONTROL ELEMENTS
  • SELECTING APPLICATIONS FOR IT AUDIT REVIEWS
  • PERFORMING AN APPLICATIONS CONTROLS REVIEW: PRELIMINARY STEPS
  • COMPLETING THE IT APPLICATIONS CONTROLS AUDIT
  • APPLICATION REVIEW CASE STUDY: CLIENT-SERVER BUDGETING SYSTEM
  • AUDITING APPLICATIONS UNDER DEVELOPMENT
  • IMPORTANCE OF REVIEWING IT APPLICATION CONTROLS
  • NOTES
  • CHAPTER ELEVEN: Software Engineering and CMMi
  • SOFTWARE ENGINEERING CONCEPTS
  • CMMI: CAPABILITY MATURITY MODEL FOR INTEGRATION
  • CMMI BENEFITS
  • IT AUDIT, INTERNAL CONTROL, AND CMMI
  • NOTE
  • CHAPTER TWELVE: Auditing Service-Oriented Architectures and Record Management Processes
  • SERVICE-ORIENTED COMPUTING AND SERVICE-DRIVEN APPLICATIONS
  • IT AUDITING IN SOA ENVIRONMENTS
  • ELECTRONIC RECORDS MANAGEMENT INTERNAL CONTROL ISSUES AND RISKS
  • IT AUDITS OF ELECTRONIC RECORDS MANAGEMENT PROCESSES
  • NOTES
  • CHAPTER THIRTEEN: Computer-Assisted Audit Tools and Techniques
  • UNDERSTANDING COMPUTER-ASSISTED AUDIT TOOLS AND TECHNIQUES
  • DETERMINING THE NEED FOR CAATTS
  • CAATT SOFTWARE TOOLS
  • STEPS TO BUILDING EFFECTIVE CAATTS
  • IMPORTANCE OF CAATTS FOR AUDIT EVIDENCE GATHERING
  • CHAPTER FOURTEEN: Continuous Assurance Auditing, OLAP, and XBRL
  • IMPLEMENTING CONTINUOUS ASSURANCE AUDITING
  • BENEFITS OF CONTINUOUS ASSURANCE AUDITING TOOLS
  • DATA WAREHOUSES, DATA MINING, AND OLAP
  • XBRL: THE INTERNET-BASED EXTENSIBLE MARKUP LANGUAGE
  • NEWER TECHNOLOGIES, THE CONTINUOUS CLOSE, AND IT AUDIT
  • NOTES
  • PART FOUR: Importance of IT Governance
  • CHAPTER FIFTEEN: IT Controls and the Audit Committee
  • ROLE OF THE AUDIT COMMITTEE FOR IT AUDITORS
  • AUDIT COMMITTEE APPROVAL OF INTERNAL AUDIT PLANS AND BUDGETS
  • AUDIT COMMITTEE BRIEFINGS ON IT AUDIT ISSUES
  • AUDIT COMMITTEE REVIEW AND ACTION ON SIGNIFICANT IT AUDIT FINDINGS
  • IT AUDIT AND THE AUDIT COMMITTEE
  • CHAPTER SIXTEEN: Val IT, Portfolio Management, and Project Management
  • VAL IT: ENHANCING THE VALUE OF IT INVESTMENTS
  • IT SYSTEMS PORTFOLIO AND PROGRAM MANAGEMENT
  • PROJECT MANAGEMENT FOR IT AUDITORS
  • NOTES
  • CHAPTER SEVENTEEN: Compliance with IT-Related Laws and Regulations
  • COMPUTER FRAUD AND ABUSE ACT
  • COMPUTER SECURITY ACT OF 1987
  • GRAMM-LEACH-BLILEY ACT
  • HIPAA: HEALTHCARE AND MUCH MORE
  • OTHER PERSONAL PRIVACY AND SECURITY LEGISLATIVE REQUIREMENTS
  • IT-RELATED LAWS, REGULATIONS, AND AUDIT STANDARDS
  • CHAPTER EIGHTEEN: Understanding and Reviewing Compliance with ISO Standards
  • BACKGROUND AND IMPORTANCE OF ISO STANDARDS IN A WORLD OF GLOBAL COMMERCE
  • ISO STANDARDS OVERVIEW
  • ISO 19011 QUALITY MANAGEMENT SYSTEMS AUDITING
  • ISO STANDARDS AND IT AUDITORS
  • NOTES
  • CHAPTER NINETEEN: Controls to Establish an Effective IT Security Environment
  • GENERALLY ACCEPTED SECURITY STANDARDS
  • EFFECTIVE IT PERIMETER SECURITY
  • ESTABLISHING AN EFFECTIVE, ENTERPRISE-WIDE SECURITY STRATEGY
  • BEST PRACTICES FOR IT AUDIT AND SECURITY
  • NOTES
  • CHAPTER TWENTY: Cybersecurity and Privacy Controls
  • IT NETWORK SECURITY FUNDAMENTALS
  • IT SYSTEMS PRIVACY CONCERNS
  • PCI-DSS FUNDAMENTALS
  • AUDITING IT SECURITY AND PRIVACY
  • SECURITY AND PRIVACY IN THE INTERNAL AUDIT DEPARTMENT
  • NOTES
  • CHAPTER TWENTY-ONE: IT Fraud Detection and Prevention
  • UNDERSTANDING AND RECOGNIZING FRAUD IN AN IT ENVIRONMENT
  • RED FLAGS: FRAUD DETECTION SIGNS FOR IT AND OTHER INTERNAL AUDITORS
  • PUBLIC ACCOUNTING’S ROLE IN FRAUD DETECTION
  • IIA STANDARDS AND ISACA MATERIALS FOR DETECTING AND INVESTIGATING FRAUD
  • IT AUDIT FRAUD RISK ASSESSMENTS
  • IT AUDIT FRAUD INVESTIGATIONS
  • IT FRAUD PREVENTION PROCESSES
  • FRAUD DETECTION AND THE IT AUDITOR
  • NOTES
  • CHAPTER TWENTY-TWO: Identity and Access Management
  • IMPORTANCE OF IDENTITY AND ACCESS MANAGEMENT
  • IDENTITY MANAGEMENT PROCESSES
  • SEPARATION OF DUTIES IDENTITY MANAGEMENT CONTROLS
  • ACCESS MANAGEMENT PROVISIONING
  • AUTHENTICATION AND AUTHORIZATION
  • AUDITING IDENTITY AND ACCESS MANAGEMENT PROCESSES
  • NOTE
  • CHAPTER TWENTY-THREE: Establishing Effective IT Disaster Recovery Processes
  • IT DISASTER AND BUSINESS CONTINUITY PLANNING TODAY
  • BUILDING AND AUDITING AN IT DISASTER RECOVERY PLAN
  • BUILDING THE IT DISASTER RECOVERY PLAN
  • DISASTER RECOVERY PLANNING AND SERVICE LEVEL AGREEMENTS
  • NEWER DISASTER RECOVERY PLAN TECHNOLOGIES: DATA MIRRORING TECHNIQUES
  • AUDITING BUSINESS CONTINUITY PLANS
  • DISASTER RECOVERY AND BUSINESS CONTINUITY PLANNING GOING FORWARD
  • NOTES
  • CHAPTER TWENTY-FOUR: Electronic Archiving and Data Retention
  • ELEMENTS OF A SUCCESSFUL ELECTRONIC RECORDS MANAGEMENT PROCESS
  • ELECTRONIC DOCUMENTATION STANDARDS
  • IMPLEMENTING ELECTRONIC IT DATA ARCHIVING
  • AUDITING ELECTRONIC DOCUMENT RETENTION AND ARCHIVAL PROCESSES
  • CHAPTER TWENTY-FIVE: Business Continuity Management, BS 25999, and ISO 27001
  • IT BUSINESS CONTINUITY MANAGEMENT PLANNING NEEDS TODAY
  • BS 25999 GOOD PRACTICE GUIDELINES
  • AUDITING BCM PROCESSES
  • LINKING THE BCM WITH OTHER STANDARDS AND PROCESSES
  • NOTES
  • CHAPTER TWENTY-SIX: Auditing Telecommunications and IT Communications Networks
  • NETWORK SECURITY CONCEPTS
  • EFFECTIVE IT NETWORK SECURITY CONTROLS
  • AUDITING A VPN INSTALLATION
  • NOTE
  • CHAPTER TWENTY-SEVEN: Change and Patch Management Controls
  • IT CHANGE MANAGEMENT PROCESSES
  • AUDITING IT CHANGE AND PATCH MANAGEMENT CONTROLS
  • NOTES
  • CHAPTER TWENTY-EIGHT: Six Sigma and Lean Technologies
  • SIX SIGMA BACKGROUND AND CONCEPTS
  • IMPLEMENTING SIX SIGMA
  • LEAN SIX SIGMA
  • NOTES
  • CHAPTER TWENTY-NINE: Building an Effective IT Internal Audit Function
  • ESTABLISHING AN IT INTERNAL AUDIT FUNCTION
  • INTERNAL AUDIT CHARTER: AN IMPORTANT IT AUDIT AUTHORIZATION
  • ROLE OF THE CHIEF AUDIT EXECUTIVE
  • IT AUDIT SPECIALISTS
  • IT AUDIT MANAGERS AND SUPERVISORS
  • INTERNAL AND IT AUDIT POLICIES AND PROCEDURES
  • ORGANIZING AN EFFECTIVE IT AUDIT FUNCTION
  • IMPORTANCE OF A STRONG IT AUDIT FUNCTION
  • NOTE
  • CHAPTER THIRTY: Professional Certifications: CISA, CIA, and More
  • CERTIFIED INFORMATION SYSTEMS AUDITOR CREDENTIALS
  • CERTIFIED INFORMATION SECURITY MANAGER CREDENTIALS
  • CERTIFICATE IN THE GOVERNANCE OF ENTERPRISE IT
  • CERTIFIED INTERNAL AUDITOR RESPONSIBILITIES AND REQUIREMENTS
  • BEYOND THE CIA: OTHER IIA CERTIFICATIONS
  • CISSP INFORMATION SYSTEMS SECURITY PROFESSIONAL CERTIFICATION
  • CERTIFIED FRAUD EXAMINER CERTIFICATION
  • ASQ INTERNAL AUDIT CERTIFICATIONS
  • OTHER INTERNAL AUDITOR CERTIFICATIONS
  • NOTE
  • CHAPTER THIRTY-ONE: Quality Assurance Auditing and ASQ Standards
  • DUTIES AND RESPONSIBILITIES OF QUALITY AUDITORS
  • ROLE OF THE QUALITY AUDITOR
  • PERFORMING ASQ QUALITY AUDITS
  • QUALITY ASSURANCE REVIEWS OF IT AUDIT FUNCTIONS
  • FUTURE DIRECTIONS FOR QUALITY ASSURANCE AUDITING
  • NOTES
  • INDEX
  • Wiley End User License Agreement