The Basics of IT Audit

Purposes, Processes, and Practical Information

1st Edition - October 31, 2013
This is the Latest Edition
  • Author: Stephen Gantz
  • Paperback ISBN: 9780124171596
  • eBook ISBN: 9780124171763


Description

The Basics of IT Audit: Purposes, Processes, and Practical Information provides a thorough yet concise overview of IT auditing. Packed with specific examples, the book gives insight into the auditing process and explains regulations and standards such as the ISO 27000 series, COBIT, ITIL, Sarbanes-Oxley, and HIPAA. IT auditing occurs in some form in virtually every organization, private or public, large or small. The large number and wide variety of laws, regulations, policies, and industry standards that call for IT auditing make it hard for organizations to consistently and effectively prepare for, conduct, and respond to the results of audits, or to comply with audit requirements. This guide provides the information you need whether you are preparing for, participating in, or responding to an IT audit.

Key Features

  • Provides a concise treatment of IT auditing, allowing you to prepare for, participate in, and respond to the results of an audit
  • Discusses the pros and cons of internal and external IT audits, including the benefits and potential drawbacks of each
  • Covers the basics of complex regulations and standards, such as Sarbanes-Oxley, SEC rules for public companies, HIPAA, and FFIEC guidance
  • Covers the major audit methods and frameworks, including GAAS, COSO, COBIT, ITIL, ISO 27000, and FISCAM

Readership

IT security professionals (security auditors, security engineers, compliance specialists, etc.) and IT professionals (network administrators, IT managers, security managers, security analysts, directors of security, etc.)

Table of Contents

  • Dedication
  • Acknowledgments
  • About the Author
  • About the Technical Editor
  • Trademarks
  • Introduction
      Abstract
      Information in this chapter
      Introduction to IT auditing
      Purpose and rationale
      Structure and content
  • Chapter 1. IT Audit Fundamentals
      Information in this chapter
      What is IT auditing?
      Why audit?
      Who gets audited?
      Who does IT auditing?
      Relevant source material
      Summary
      References
  • Chapter 2. Auditing in Context
      Information in this chapter
      IT governance
      Risk management
      Compliance and certification
      Quality management and quality assurance
      Information security management
      Relevant source material
      Summary
      References
  • Chapter 3. Internal Auditing
      Information in this chapter
      Internal audit as an organizational capability
      Benefits of internal IT auditing
      Internal audit challenges
      Internal auditors
      Relevant source material
      Summary
      References
  • Chapter 4. External Auditing
      Information in this chapter
      Operational aspects of external audits
      External IT audit drivers and rationale
      External audit benefits
      External audit challenges
      External auditors
      Relevant source material
      Summary
      References
  • Chapter 5. Types of Audits
      Information in this chapter
      Financial audits
      Operational audits
      Certification audits
      Compliance audits
      IT-specific audits
      Relevant source material
      Summary
      References
  • Chapter 6. IT Audit Components
      Information in this chapter
      Establishing the scope of IT audits
      Types of controls
      Auditing different IT assets
      Auditing procedural controls or processes
      Relevant source material
      References
  • Chapter 7. IT Audit Drivers
      Information in this chapter
      Laws and regulations
      Certification standards
      Operational effectiveness
      Quality assurance and continuous improvement
      Relevant source material
      Summary
      References
  • Chapter 8. IT Audit Processes
      Information in this chapter
      Audit planning
      Audit performance
      Reporting findings
      Process life cycles and methodologies
      Relevant source material
      Summary
      References
  • Chapter 9. Methodologies and Frameworks
      Information in this chapter
      Audit-specific methodologies and frameworks
      IT governance and management frameworks
      Government-focused audit methodologies
      Security control assessment frameworks
      Relevant source material
      Summary
      References
  • Chapter 10. Audit-Related Organizations, Standards, and Certifications
      Information in this chapter
      National and international perspectives
      Audit-focused standards and certification organizations
      Organizations offering standards, guidance, or certifications relevant to IT auditing
      Relevant source material
      Summary
      References
  • References
      Abstract
      References
  • Acronyms
      Abstract
      Acronyms and abbreviations
  • Index

Product details

  • No. of pages: 270
  • Language: English
  • Copyright: © Syngress 2013
  • Published: October 31, 2013
  • Imprint: Syngress
  • Paperback ISBN: 9780124171596
  • eBook ISBN: 9780124171763

About the Author

Stephen Gantz

Stephen Gantz (CISSP-ISSAP, CEH, CGEIT, CRISC, CIPP/G, C|CISO) is an information security and IT consultant with over 20 years of experience in security and privacy management, enterprise architecture, systems development and integration, and strategic planning. He currently holds an executive position with a health information technology services firm primarily serving federal and state government customers. He is also an Associate Professor of Information Assurance in the Graduate School at University of Maryland University College. He maintains a security-focused website and blog at http://www.securityarchitecture.com.

Steve’s security and privacy expertise spans program management, security architecture, policy development and enforcement, risk assessment, and regulatory compliance with major legislation such as FISMA, HIPAA, and the Privacy Act. His industry experience includes health, financial services, higher education, consumer products, and manufacturing, but since 2000 his work has focused on security and other information resources management functions in federal government agencies. His prior work history includes completing projects for government clients including the Departments of Defense, Labor, and Health and Human Services, Office of Management and Budget, Federal Deposit Insurance Corporation, U.S. Postal Service, and U.S. Senate.

Steve holds a master’s degree in public policy from the Kennedy School of Government at Harvard University, and also earned his bachelor’s degree from Harvard. He is nearing completion of the Doctor of Management program at UMUC, where his dissertation focuses on trust and distrust in networks and inter-organizational relationships. Steve currently resides in Arlington, Virginia with his wife Reneé and children Henry, Claire, and Gillian.

Affiliations and Expertise

CISSP-ISSAP, CEH, CGEIT, CRISC, CIPP/G, Founder and Principal Architect of SecurityArchitecture.com.

Latest reviews

  • ALEJANDRO O., Mon May 14 2018

    The Basics of IT Audit

    A basic title for non-security IT professionals, essential topics for training and IT security awareness. A must read for everyone in IT departments.