IT Security and Auditing

IT Security and Auditing. Katie Englebretson, Rebecca Cone. Why We Audit. Common causes of damage: IT Security Cookbook. What is a threat: something that affects confidentiality, integrity, availability of business assets and resources. Risk Assessment. Auditing IT.


Presentation Transcript


  1. IT Security and Auditing • Katie Englebretson • Rebecca Cone

  2. Why We Audit Common causes of damage: IT Security Cookbook

  3. What is a threat • Something that affects • Confidentiality • Integrity • Availability of business assets and resources

  4. Risk Assessment

  5. Auditing IT • Client's response to risk = Internal Controls • Control Risk = The risk that material misstatements that could occur in an account are not prevented or detected by internal controls.

  6. Auditing Regulations • GAAS • SAS • PCAOB • SEC • Sarbanes Oxley

  7. 3 Steps in an Audit • Planning • Performance • Completion

  8. Planning the Audit • Asset Analysis • Current Policy Analysis • Security Objectives • Threat Analysis

  9. Planning the Audit • Impact Analysis • Risk Analysis • Constraints Analysis • Counter Strategy Analysis

  10. What Are We Looking For? • Existence • Completeness • Ownership • Accuracy

  11. Audit Strategies • Reliance Strategy • Substantive Strategy

  12. Determine the Complexity of the Client • Low: simple, no/few controls • Medium: more advanced, controls exist but still have an audit trail; most clients are here • High: very complex, multiple mainframes and extensive databases

  13. Auditing Complex Clients • Test Data Approach • Integrated Test Facility • Parallel Simulation • Continuous Auditing *All IT systems have similar functions

  14. Test Data Approach • Procedure: develops simulated “fake” (both good and bad) data and tests transactions by running the fake data through the system after hours. • Problem: time consuming, and it is uncertain whether it is really the client’s system because the data is being run after hours. Also, if the data goes in, it must come out, and that can be difficult.

  15. Integrated Test Facility • Procedure: develops simulated “fake” (both good and bad) data and tests transactions by running the fake data through the system during normal business hours. • Problem: time consuming, and if the data goes in, it must come out, and that can be difficult.

  16. Parallel System • Procedure: run real data through a simulated “fake” system. • Problem: difficult to prepare, but the auditor does not have to back out data.

  17. Completion • Wrap up loose ends • Examine company as a whole • Compliance • Issue reports

  18. Continuous Auditing • Periodically • After upgrades and patches • After installation of new hardware

  19. www.dilbert.com
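
The parallel approach from slide 16, sketched as an added example that is not part of the original presentation: real source transactions are re-computed by the auditor's own model and compared with what the client's system recorded, with each difference filed under the slide 10 assertion it bears on. The tax rule, field names and invoice records are constructed assumptions.

```python
from decimal import Decimal, ROUND_HALF_UP

TAX_RATE = Decimal("0.07")  # assumed business rule, modelled independently by the auditor

def simulate(txn):
    """Auditor's own re-computation of one invoice total (the simulated system)."""
    subtotal = Decimal(txn["qty"]) * Decimal(txn["unit_price"])
    total = subtotal * (1 + TAX_RATE)
    return total.quantize(Decimal("0.01"), rounding=ROUND_HALF_UP)

def parallel_simulation(source_txns, client_output):
    """Compare the client's recorded totals with the simulated ones.

    Findings are keyed by the audit assertion they relate to:
      accuracy     - recorded total differs from the simulated total
      completeness - source transaction has no record in the client output
      existence    - client output has a record with no source transaction
    """
    findings = {"accuracy": [], "completeness": [], "existence": []}
    expected = {t["id"]: simulate(t) for t in source_txns}
    for txn_id, total in expected.items():
        if txn_id not in client_output:
            findings["completeness"].append(txn_id)
        elif Decimal(client_output[txn_id]) != total:
            findings["accuracy"].append((txn_id, client_output[txn_id], str(total)))
    findings["existence"] = sorted(set(client_output) - set(expected))
    return findings

# Constructed sample data: real transactions as captured at the source ...
SOURCE_TXNS = [
    {"id": "INV-1001", "qty": 3, "unit_price": "19.99"},
    {"id": "INV-1002", "qty": 10, "unit_price": "4.50"},
    {"id": "INV-1003", "qty": 1, "unit_price": "250.00"},
]
# ... and what the client's production system recorded for them.
CLIENT_OUTPUT = {
    "INV-1001": "64.17",   # agrees with the simulation
    "INV-1002": "48.51",   # differs from the simulated total
    "INV-9999": "500.00",  # no matching source transaction
}

if __name__ == "__main__":
    for assertion, items in parallel_simulation(SOURCE_TXNS, CLIENT_OUTPUT).items():
        print(assertion, items)
```

Because only real data is read and nothing is written to the client's system, there is no test data to back out afterwards.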
