Preface
Acknowledgments
Part One
Conducting Information Systems Audit
Chapter 1
Overview of Systems Audit
Information Systems Audit
Information Systems Auditor
Legal Requirement of Information Systems Audit
Systems Environment and Information Systems Audit
Information System Assets
Classification of Controls
Impact of Computers on Information
Impact of Computers on Auditing
Information Systems Audit Coverage
Chapter 2
Hardware Security Issues
Hardware Security Objective
Peripheral Devices and Storage Media
Client-server Architecture
Authentication Devices
Hardware Acquisition
Hardware Maintenance
Management of Obsolescence
Disposal of Equipment
Problem Management
Change Management
Network and Communication Issues
Chapter 3
Software Security Issues
Overview of Types of Software
Elements of Software Security
Control Issues during Installation and Maintenance
Licensing Issues
Problem and Change Management
Chapter 4
Information Systems Audit Requirement
Risk Analysis
Threats, Vulnerability, Exposure, and Likelihood
Information Systems Control Objectives
Information Systems Audit Objectives
System Effectiveness and Efficiency
Information Systems Abuse
Asset Safeguarding Objective and Process
Evidence Collection and Evaluation
Logs and Audit Trails as Evidence
Chapter 5
Conducting an Information Systems Audit
Audit Programme
Audit Plan
Audit Procedures and Approaches
System Understanding and Review
Compliance Reviews and Tests
Substantive Reviews and Test
Audit Tools and Techniques
Sampling Techniques
Audit Questionnaire
Audit Documentation
Audit Reporting
Auditing Approaches
Sample Audit Work Planning Memo
Sample Audit Work Process Flow
Chapter 6
Risk-Based Systems Audit
Conducting Risk Based Information Systems Audit
Risk Assessment
Risk Matrix
Risk and Audit Sample Determination
Audit Risk Assessment
Risk Management Strategy
Chapter 7
Business Continuity and Disaster Recovery Plan
Business Continuity and Disaster Recovery Process
Business Impact Analysis (BIA)
Incident Response Plan
Disaster Recovery Plan
Types of Disaster Recovery Plan
Emergency Preparedness Audit Checklist
Business Continuity Strategies
Business Resumption Plan Audit Checklist
Recovery Procedures Testing Checklist
Plan Maintenance Checklist
Vital Records Retention Checklist
Forms and Documents
Chapter 8
Auditing under E-commerce Environment
Introduction
Objectives of information systems audit of e-commerce
Preliminary Overview
Auditing E-commerce Functions
E-commerce Policies and Procedures Review
Impact of E-commerce on Internal Control
Chapter 9
Security Testing
Cyber Security
Cyber Crimes
What Is Vulnerable to Attack?
How Cyber Attacks Occur
What is Vulnerability Analysis?
Steps of Vulnerability Analysis
Types of Vulnerability
Conducting Vulnerability Analysis
Cyber Forensics
Digital Evidences
Chapter 10
Case Study: Conducting an Information Systems Audit
Important Security Issues in Banks
Steps to Information Systems Audit at a Bank Branch
Special Considerations in a Core Banking System
Part Two
Information Systems Auditing Checklists
Chapter 11
ISecGrade Auditing Framework
Introduction
Licensing and Limitations
Methodology
Domains
Grading Structure
Selection of Checklist
Format of Audit Report
Using the Audit Report Format
Chapter 12
ISecGrade Checklists
Checklist Structure
Information Systems Audit Checklists
Chapter 13
Session Questions
Chapter 1: Overview of systems audit
Chapter 2: Hardware Security Issues
Chapter 3: Software Security Issues
Chapter 4: Information Systems Audit Requirements
Chapter 5: Conducting and IS Audit
Chapter 6: Risk Based Systems Audit
Chapter 7: Business Continuity and Disaster Recovery Plan
Chapter 8: Auditing under the E-commerce Environment
Chapter 9: Security Testing
About the Authors
About the Website
Index
