Along with experienced personnel to perform security audits, an IS security audit
capability must have relevant tools, techniques, and practice aids available to assist the
auditors with their audit tasks. Decisions on obtaining such tools, techniques, and
practice aids, along with the appropriate expertise to use them, must be based on the
hardware, system software, and applications that constitute the audit environment. With
systems becoming more and more interconnected, the hardware and software that make
up and connect these systems are critical. In addition, the technical components that
provide network, Internet, and intranet connectivity must be identified. An audit
organization should develop an inventory of this infrastructure, which should be
periodically refreshed since computer systems are extremely fluid, and projections are
that technology will continue to advance rapidly.
In addition, it is important to keep informed on emerging technologies and related
control issues. These new technologies may soon be integrated into your audit
environment, and auditing them may require additional expertise and automated tools.
Appendix C provides a questionnaire that can assist you in collecting the type of IS
infrastructure information needed to understand your audit environment. Sources of this
information may include any prior audit history and other studies performed by outside
contractors. Depending on the size of your audit environment, you may not be able to
readily determine exact counts of the various hardware and software components. For
this purpose, an estimate of the number of systems involved will suffice. Also, the
questionnaire can be completed by agency personnel.
________________
laminate flooring dallas scavenger hunt
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
