The Basics of IT Audit: Purposes, Processes, and Practical Information provides you with a thorough, yet concise overview of IT auditing. Packed with specific examples, this book gives insight into the auditing process and explains regulations and standards such as the ISO-27000 series program, CoBIT, ITIL, Sarbanes-Oxley, and HIPAA.
IT auditing occurs in some form in virtually every organization, private or public, large or small. The large number and wide variety of laws, regulations, policies, and industry standards that call for IT auditing make it hard for organizations to consistently and effectively prepare for, conduct, and respond to the results of audits, or to comply with audit requirements.
This guide provides you with all the necessary information if you're preparing for an IT audit, participating in an IT audit or responding to an IT audit.
IT Security Professionals (Security Auditors, Security Engineers, Compliance Specialists, etc.), IT Professionals (Network Administrators, IT Managers, Security Managers, Security Analysts, Directors of Security, etc.)
Dedication
Acknowledgments
About the Author
About the Technical Editor
Trademarks
Introduction
Abstract
Information in this chapter
Introduction to IT auditing
Purpose and rationale
Structure and content
Chapter 1. IT Audit Fundamentals
Information in this chapter
What is IT auditing?
Why audit?
Who gets audited?
Who does IT auditing?
Relevant source material
Summary
References
Chapter 2. Auditing in Context
Information in this chapter:
IT governance
Risk management
Compliance and certification
Quality management and quality assurance
Information security management
Relevant source material
Summary
References
Chapter 3. Internal Auditing
Information in this chapter:
Internal audit as an organizational capability
Benefits of internal IT auditing
Internal audit challenges
Internal auditors
Relevant source material
Summary
References
Chapter 4. External Auditing
Information in this chapter:
Operational aspects of external audits
External IT audit drivers and rationale
External audit benefits
External audit challenges
External auditors
Relevant source material
Summary
References
Chapter 5. Types of Audits
Information in this chapter:
Financial audits
Operational audits
Certification audits
Compliance audits
IT-specific audits
Relevant source material
Summary
References
Chapter 6. IT Audit Components
Information in this chapter
Establishing the scope of IT audits
Types of controls
Auditing different IT assets
Auditing procedural controls or processes
Relevant source material
References
Chapter 7. IT Audit Drivers
Information in this chapter:
Laws and regulations
Certification standards
Operational effectiveness
Quality assurance and continuous improvement
Relevant source material
Summary
References
Chapter 8. IT Audit Processes
Information in this chapter:
Audit planning
Audit performance
Reporting findings
Process life cycles and methodologies
Relevant source material
Summary
References
Chapter 9. Methodologies and Frameworks
Information in this chapter
Audit-specific methodologies and frameworks
IT governance and management frameworks
Government-focused audit methodologies
Security control assessment frameworks
Relevant source material
Summary
References
Chapter 10. Audit-Related Organizations, Standards, and Certifications
Information in this chapter
National and international perspectives
Audit-focused standards and certification organizations
Organizations offering standards, guidance, or certifications relevant to IT auditing
Relevant source material
Summary
References
References
Abstract
References
Acronyms
Abstract
Acronyms and abbreviations
Index
Steve’s security and privacy expertise spans program management, security architecture, policy development and enforcement, risk assessment, and regulatory compliance with major legislation such as FISMA, HIPAA, and the Privacy Act. His industry experience includes health, financial services, higher education, consumer products, and manufacturing, but since 2000 his work has focused on security and other information resources management functions in federal government agencies. His prior work history includes completing projects for government clients including the Departments of Defense, Labor, and Health and Human Services, Office of Management and Budget, Federal Deposit Insurance Corporation, U.S. Postal Service, and U.S. Senate.
Steve holds a master’s degree in public policy from the Kennedy School of Government at Harvard University, and also earned his bachelor’s degree from Harvard. He is nearing completion of the Doctor of Management program at UMUC, where his dissertation focuses on trust and distrust in networks and inter-organizational relationships. Steve currently resides in Arlington, Virginia with his wife Reneé and children Henry, Claire, and Gillian.