{"product_id":"auditors-guide-to-it-auditing-software-demo-isbn-9781118147610","title":"Auditor's Guide to IT Auditing, + Software Demo","description":"\u003cb\u003eStep-by-step guide to successful implementation and control of IT systems—including the Cloud\u003c\/b\u003e \u003cp\u003eMany auditors are unfamiliar with the techniques they need to know to efficiently and effectively determine whether information systems are adequately protected. Now in a Second Edition, \u003ci\u003eAuditor's Guide to IT Auditing\u003c\/i\u003e presents an easy, practical guide for auditors that can be applied to all computing environments.\u003c\/p\u003e \u003cul\u003e \u003cli\u003eFollows the approach used by the Information System Audit and Control Association's model curriculum, making this book a practical approach to IS auditing\u003c\/li\u003e \u003cli\u003eServes as an excellent study guide for those preparing for the CISA and CISM exams\u003c\/li\u003e \u003cli\u003eIncludes discussion of risk evaluation methodologies, new regulations, SOX, privacy, banking, IT governance, CobiT, outsourcing, network management, and the Cloud\u003c\/li\u003e \u003cli\u003eIncludes a link to an education version of IDEA--Data Analysis Software\u003c\/li\u003e \u003c\/ul\u003e \u003cp\u003eAs networks and enterprise resource planning systems bring resources together, and as increasing privacy violations threaten more organizations, information systems integrity becomes more important than ever. 
\u003ci\u003eAuditor's Guide to IT Auditing, Second Edition\u003c\/i\u003e empowers auditors to effectively gauge the adequacy and effectiveness of information systems controls.\u003c\/p\u003e \u003cp\u003ePreface xvii\u003c\/p\u003e \u003cp\u003e\u003cb\u003ePart I: IT Audit Process 1\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 1: Technology and Audit 3\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eTechnology and Audit 4\u003c\/p\u003e \u003cp\u003eBatch and Online Systems 8\u003c\/p\u003e \u003cp\u003eElectronic Data Interchange 20\u003c\/p\u003e \u003cp\u003eElectronic Business 21\u003c\/p\u003e \u003cp\u003eCloud Computing 22\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 2: IT Audit Function Knowledge 25\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eInformation Technology Auditing 25\u003c\/p\u003e \u003cp\u003eWhat Is Management? 26\u003c\/p\u003e \u003cp\u003eManagement Process 26\u003c\/p\u003e \u003cp\u003eUnderstanding the Organization’s Business 27\u003c\/p\u003e \u003cp\u003eEstablishing the Needs 27\u003c\/p\u003e \u003cp\u003eIdentifying Key Activities 27\u003c\/p\u003e \u003cp\u003eEstablish Performance Objectives 27\u003c\/p\u003e \u003cp\u003eDecide the Control Strategies 27\u003c\/p\u003e \u003cp\u003eImplement and Monitor the Controls 28\u003c\/p\u003e \u003cp\u003eExecutive Management’s Responsibility and Corporate Governance 28\u003c\/p\u003e \u003cp\u003eAudit Role 28\u003c\/p\u003e \u003cp\u003eConceptual Foundation 29\u003c\/p\u003e \u003cp\u003eProfessionalism within the IT Auditing Function 29\u003c\/p\u003e \u003cp\u003eRelationship of Internal IT Audit to the External Auditor 30\u003c\/p\u003e \u003cp\u003eRelationship of IT Audit to Other Company Audit Activities 30\u003c\/p\u003e \u003cp\u003eAudit Charter 30\u003c\/p\u003e \u003cp\u003eCharter Content 30\u003c\/p\u003e \u003cp\u003eOutsourcing the IT Audit Activity 31\u003c\/p\u003e \u003cp\u003eRegulation, Control, and Standards 31\u003c\/p\u003e 
\u003cp\u003e\u003cb\u003eChapter 3: IT Risk and Fundamental Auditing Concepts 33\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eComputer Risks and Exposures 33\u003c\/p\u003e \u003cp\u003eEffect of Risk 35\u003c\/p\u003e \u003cp\u003eAudit and Risk 36\u003c\/p\u003e \u003cp\u003eAudit Evidence 37\u003c\/p\u003e \u003cp\u003eConducting an IT Risk-Assessment Process 38\u003c\/p\u003e \u003cp\u003eNIST SP 800 30 Framework 38\u003c\/p\u003e \u003cp\u003eISO 27005 39\u003c\/p\u003e \u003cp\u003eThe “Cascarino Cube” 39\u003c\/p\u003e \u003cp\u003eReliability of Audit Evidence 44\u003c\/p\u003e \u003cp\u003eAudit Evidence Procedures 45\u003c\/p\u003e \u003cp\u003eResponsibilities for Fraud Detection and Prevention 46\u003c\/p\u003e \u003cp\u003eNotes 46\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 4: Standards and Guidelines for IT Auditing 47\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eIIA Standards 47\u003c\/p\u003e \u003cp\u003eCode of Ethics 48\u003c\/p\u003e \u003cp\u003eAdvisory 48\u003c\/p\u003e \u003cp\u003eAids 48\u003c\/p\u003e \u003cp\u003eStandards for the Professional Performance of Internal Auditing 48\u003c\/p\u003e \u003cp\u003eISACA Standards 49\u003c\/p\u003e \u003cp\u003eISACA Code of Ethics 50\u003c\/p\u003e \u003cp\u003eCOSO: Internal Control Standards 50\u003c\/p\u003e \u003cp\u003eBS 7799 and ISO 17799: IT Security 52\u003c\/p\u003e \u003cp\u003eNIST 53\u003c\/p\u003e \u003cp\u003eBSI Baselines 54\u003c\/p\u003e \u003cp\u003eNote 55\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 5: Internal Controls Concepts Knowledge 57\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eInternal Controls 57\u003c\/p\u003e \u003cp\u003eCost\/Benefit Considerations 59\u003c\/p\u003e \u003cp\u003eInternal Control Objectives 59\u003c\/p\u003e \u003cp\u003eTypes of Internal Controls 60\u003c\/p\u003e \u003cp\u003eSystems of Internal Control 61\u003c\/p\u003e \u003cp\u003eElements of Internal Control 61\u003c\/p\u003e \u003cp\u003eManual and Automated Systems 62\u003c\/p\u003e 
\u003cp\u003eControl Procedures 63\u003c\/p\u003e \u003cp\u003eApplication Controls 63\u003c\/p\u003e \u003cp\u003eControl Objectives and Risks 64\u003c\/p\u003e \u003cp\u003eGeneral Control Objectives 64\u003c\/p\u003e \u003cp\u003eData and Transactions Objectives 64\u003c\/p\u003e \u003cp\u003eProgram Control Objectives 66\u003c\/p\u003e \u003cp\u003eCorporate IT Governance 66\u003c\/p\u003e \u003cp\u003eCOSO and Information Technology 68\u003c\/p\u003e \u003cp\u003eGovernance Frameworks 70\u003c\/p\u003e \u003cp\u003eNotes 71\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 6: Risk Management of the IT Function 73\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eNature of Risk 73\u003c\/p\u003e \u003cp\u003eRisk-Analysis Software 74\u003c\/p\u003e \u003cp\u003eAuditing in General 75\u003c\/p\u003e \u003cp\u003eElements of Risk Analysis 77\u003c\/p\u003e \u003cp\u003eDefining the Audit Universe 77\u003c\/p\u003e \u003cp\u003eComputer System Threats 79\u003c\/p\u003e \u003cp\u003eRisk Management 80\u003c\/p\u003e \u003cp\u003eNotes 83\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 7: Audit Planning Process 85\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eBenefits of an Audit Plan 85\u003c\/p\u003e \u003cp\u003eStructure of the Plan 89\u003c\/p\u003e \u003cp\u003eTypes of Audit 91\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 8: Audit Management 93\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003ePlanning 93\u003c\/p\u003e \u003cp\u003eAudit Mission 94\u003c\/p\u003e \u003cp\u003eIT Audit Mission 94\u003c\/p\u003e \u003cp\u003eOrganization of the Function 95\u003c\/p\u003e \u003cp\u003eStaffing 95\u003c\/p\u003e \u003cp\u003eIT Audit as a Support Function 97\u003c\/p\u003e \u003cp\u003ePlanning 97\u003c\/p\u003e \u003cp\u003eBusiness Information Systems 98\u003c\/p\u003e \u003cp\u003eIntegrated IT Auditor versus Integrated IT Audit 98\u003c\/p\u003e \u003cp\u003eAuditees as Part of the Audit Team 100\u003c\/p\u003e \u003cp\u003eApplication Audit Tools 100\u003c\/p\u003e 
\u003cp\u003eAdvanced Systems 100\u003c\/p\u003e \u003cp\u003eSpecialist Auditor 101\u003c\/p\u003e \u003cp\u003eIT Audit Quality Assurance 101\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 9: Audit Evidence Process 103\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eAudit Evidence 103\u003c\/p\u003e \u003cp\u003eAudit Evidence Procedures 103\u003c\/p\u003e \u003cp\u003eCriteria for Success 104\u003c\/p\u003e \u003cp\u003eStatistical Sampling 105\u003c\/p\u003e \u003cp\u003eWhy Sample? 106\u003c\/p\u003e \u003cp\u003eJudgmental (or Non-Statistical) Sampling 106\u003c\/p\u003e \u003cp\u003eStatistical Approach 107\u003c\/p\u003e \u003cp\u003eSampling Risk 107\u003c\/p\u003e \u003cp\u003eAssessing Sampling Risk 108\u003c\/p\u003e \u003cp\u003ePlanning a Sampling Application 109\u003c\/p\u003e \u003cp\u003eCalculating Sample Size 111\u003c\/p\u003e \u003cp\u003eQuantitative Methods 111\u003c\/p\u003e \u003cp\u003eProject-Scheduling Techniques 116\u003c\/p\u003e \u003cp\u003eSimulations 117\u003c\/p\u003e \u003cp\u003eComputer-Assisted Audit Solutions 118\u003c\/p\u003e \u003cp\u003eGeneralized Audit Software 118\u003c\/p\u003e \u003cp\u003eApplication and Industry-Related Audit Software 119\u003c\/p\u003e \u003cp\u003eCustomized Audit Software 120\u003c\/p\u003e \u003cp\u003eInformation-Retrieval Software 120\u003c\/p\u003e \u003cp\u003eUtilities 120\u003c\/p\u003e \u003cp\u003eOn-Line Inquiry 120\u003c\/p\u003e \u003cp\u003eConventional Programming Languages 120\u003c\/p\u003e \u003cp\u003eMicrocomputer-Based Software 121\u003c\/p\u003e \u003cp\u003eTest Transaction Techniques 121\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 10: Audit Reporting Follow-up 123\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eAudit Reporting 123\u003c\/p\u003e \u003cp\u003eInterim Reporting 124\u003c\/p\u003e \u003cp\u003eClosing Conferences 124\u003c\/p\u003e \u003cp\u003eWritten Reports 124\u003c\/p\u003e \u003cp\u003eClear Writing Techniques 125\u003c\/p\u003e \u003cp\u003ePreparing to 
Write 126\u003c\/p\u003e \u003cp\u003eBasic Audit Report 127\u003c\/p\u003e \u003cp\u003eExecutive Summary 127\u003c\/p\u003e \u003cp\u003eDetailed Findings 128\u003c\/p\u003e \u003cp\u003ePolishing the Report 129\u003c\/p\u003e \u003cp\u003eDistributing the Report 129\u003c\/p\u003e \u003cp\u003eFollow-up Reporting 129\u003c\/p\u003e \u003cp\u003eTypes of Follow-up Action 130\u003c\/p\u003e \u003cp\u003e\u003cb\u003ePart II: Information Technology Governance 131\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 11: Management 133\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eIT Infrastructures 133\u003c\/p\u003e \u003cp\u003eProject-Based Functions 134\u003c\/p\u003e \u003cp\u003eQuality Control 138\u003c\/p\u003e \u003cp\u003eOperations and Production 139\u003c\/p\u003e \u003cp\u003eTechnical Services 140\u003c\/p\u003e \u003cp\u003ePerformance Measurement and Reporting 140\u003c\/p\u003e \u003cp\u003eMeasurement Implementation 141\u003c\/p\u003e \u003cp\u003eNotes 145\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 12: Strategic Planning 147\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eStrategic Management Process 147\u003c\/p\u003e \u003cp\u003eStrategic Drivers 148\u003c\/p\u003e \u003cp\u003eNew Audit Revolution 149\u003c\/p\u003e \u003cp\u003eLeveraging IT 149\u003c\/p\u003e \u003cp\u003eBusiness Process Re-Engineering Motivation 150\u003c\/p\u003e \u003cp\u003eIT as an Enabler of Re-Engineering 151\u003c\/p\u003e \u003cp\u003eDangers of Change 152\u003c\/p\u003e \u003cp\u003eSystem Models 152\u003c\/p\u003e \u003cp\u003eInformation Resource Management 153\u003c\/p\u003e \u003cp\u003eStrategic Planning for IT 153\u003c\/p\u003e \u003cp\u003eDecision Support Systems 155\u003c\/p\u003e \u003cp\u003eSteering Committees 156\u003c\/p\u003e \u003cp\u003eStrategic Focus 156\u003c\/p\u003e \u003cp\u003eAuditing Strategic Planning 156\u003c\/p\u003e \u003cp\u003eDesign the Audit Procedures 158\u003c\/p\u003e \u003cp\u003eNote 158\u003c\/p\u003e 
\u003cp\u003e\u003cb\u003eChapter 13: Management Issues 159\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003ePrivacy 161\u003c\/p\u003e \u003cp\u003eCopyrights, Trademarks, and Patents 162\u003c\/p\u003e \u003cp\u003eEthical Issues 162\u003c\/p\u003e \u003cp\u003eCorporate Codes of Conduct 163\u003c\/p\u003e \u003cp\u003eIT Governance 164\u003c\/p\u003e \u003cp\u003eSarbanes-Oxley Act 166\u003c\/p\u003e \u003cp\u003ePayment Card Industry Data Security Standards 166\u003c\/p\u003e \u003cp\u003eHousekeeping 167\u003c\/p\u003e \u003cp\u003eNotes 167\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 14: Support Tools and Frameworks 169\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eGeneral Frameworks 169\u003c\/p\u003e \u003cp\u003eCOSO: Internal Control Standards 172\u003c\/p\u003e \u003cp\u003eOther Standards 173\u003c\/p\u003e \u003cp\u003eGovernance Frameworks 176\u003c\/p\u003e \u003cp\u003eNote 178\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 15: Governance Techniques 179\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eChange Control 179\u003c\/p\u003e \u003cp\u003eProblem Management 181\u003c\/p\u003e \u003cp\u003eAuditing Change Control 181\u003c\/p\u003e \u003cp\u003eOperational Reviews 182\u003c\/p\u003e \u003cp\u003ePerformance Measurement 182\u003c\/p\u003e \u003cp\u003eISO 9000 Reviews 184\u003c\/p\u003e \u003cp\u003e\u003cb\u003ePart III: Systems and Infrastructure Lifecycle Management 185\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 16: Information Systems Planning 187\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eStakeholders 187\u003c\/p\u003e \u003cp\u003eOperations 188\u003c\/p\u003e \u003cp\u003eSystems Development 189\u003c\/p\u003e \u003cp\u003eTechnical Support 189\u003c\/p\u003e \u003cp\u003eOther System Users 191\u003c\/p\u003e \u003cp\u003eSegregation of Duties 191\u003c\/p\u003e \u003cp\u003ePersonnel Practices 192\u003c\/p\u003e \u003cp\u003eObject-Oriented Systems Analysis 194\u003c\/p\u003e \u003cp\u003eEnterprise Resource Planning 
194\u003c\/p\u003e \u003cp\u003eCloud Computing 195\u003c\/p\u003e \u003cp\u003eNotes 197\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 17: Information Management and Usage 199\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eWhat Are Advanced Systems? 199\u003c\/p\u003e \u003cp\u003eService Delivery and Management 201\u003c\/p\u003e \u003cp\u003eComputer-Assisted Audit Tools and Techniques 204\u003c\/p\u003e \u003cp\u003eNotes 205\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 18: Development, Acquisition, and Maintenance of Information Systems 207\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eProgramming Computers 207\u003c\/p\u003e \u003cp\u003eProgram Conversions 209\u003c\/p\u003e \u003cp\u003eNo Thanks Systems Development Exposures 209\u003c\/p\u003e \u003cp\u003eSystems Development Controls 210\u003c\/p\u003e \u003cp\u003eSystems Development Life Cycle Control: Control Objectives 210\u003c\/p\u003e \u003cp\u003eMicro-Based Systems 212\u003c\/p\u003e \u003cp\u003eCloud Computing Applications 212\u003c\/p\u003e \u003cp\u003eNote 213\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 19: Impact of Information Technology on the Business Processes and Solutions 215\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eImpact 215\u003c\/p\u003e \u003cp\u003eContinuous Monitoring 216\u003c\/p\u003e \u003cp\u003eBusiness Process Outsourcing 218\u003c\/p\u003e \u003cp\u003eE-Business 219\u003c\/p\u003e \u003cp\u003eNotes 220\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 20: Software Development 221\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eDeveloping a System 221\u003c\/p\u003e \u003cp\u003eChange Control 225\u003c\/p\u003e \u003cp\u003eWhy Do Systems Fail? 
225\u003c\/p\u003e \u003cp\u003eAuditor’s Role in Software Development 227\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 21: Audit and Control of Purchased Packages and Services 229\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eIT Vendors 230\u003c\/p\u003e \u003cp\u003eRequest For Information 231\u003c\/p\u003e \u003cp\u003eRequirements Definition 231\u003c\/p\u003e \u003cp\u003eRequest for Proposal 232\u003c\/p\u003e \u003cp\u003eInstallation 233\u003c\/p\u003e \u003cp\u003eSystems Maintenance 233\u003c\/p\u003e \u003cp\u003eSystems Maintenance Review 234\u003c\/p\u003e \u003cp\u003eOutsourcing 234\u003c\/p\u003e \u003cp\u003eSAS 70 Reports 234\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 22: Audit Role in Feasibility Studies and Conversions 237\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eFeasibility Success Factors 237\u003c\/p\u003e \u003cp\u003eConversion Success Factors 240\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 23: Audit and Development of Application Controls 243\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eWhat Are Systems? 
243\u003c\/p\u003e \u003cp\u003eClassifying Systems 244\u003c\/p\u003e \u003cp\u003eControlling Systems 244\u003c\/p\u003e \u003cp\u003eControl Stages 245\u003c\/p\u003e \u003cp\u003eControl Objectives of Business Systems 245\u003c\/p\u003e \u003cp\u003eGeneral Control Objectives 246\u003c\/p\u003e \u003cp\u003eCAATs and Their Role in Business Systems Auditing 247\u003c\/p\u003e \u003cp\u003eCommon Problems 249\u003c\/p\u003e \u003cp\u003eAudit Procedures 250\u003c\/p\u003e \u003cp\u003eCAAT Use in Non-Computerized Areas 250\u003c\/p\u003e \u003cp\u003eDesigning an Appropriate Audit Program 250\u003c\/p\u003e \u003cp\u003e\u003cb\u003ePart IV: Information Technology Service Delivery and Support 253\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 24: Technical Infrastructure 255\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eAuditing the Technical Infrastructure 257\u003c\/p\u003e \u003cp\u003eInfrastructure Changes 259\u003c\/p\u003e \u003cp\u003eComputer Operations Controls 260\u003c\/p\u003e \u003cp\u003eOperations Exposures 261\u003c\/p\u003e \u003cp\u003eOperations Controls 261\u003c\/p\u003e \u003cp\u003ePersonnel Controls 261\u003c\/p\u003e \u003cp\u003eSupervisory Controls 262\u003c\/p\u003e \u003cp\u003eInformation Security 262\u003c\/p\u003e \u003cp\u003eOperations Audits 263\u003c\/p\u003e \u003cp\u003eNotes 264\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 25: Service-Center Management 265\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003ePrivate Sector Preparedness (PS Prep) 266\u003c\/p\u003e \u003cp\u003eContinuity Management and Disaster Recovery 266\u003c\/p\u003e \u003cp\u003eManaging Service-Center Change 269\u003c\/p\u003e \u003cp\u003eNotes 269\u003c\/p\u003e \u003cp\u003e\u003cb\u003ePart V: Protection of Information Assets 271\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 26: Information Assets Security Management 273\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eWhat Is Information Systems Security? 
273\u003c\/p\u003e \u003cp\u003eControl Techniques 276\u003c\/p\u003e \u003cp\u003eWorkstation Security 276\u003c\/p\u003e \u003cp\u003ePhysical Security 276\u003c\/p\u003e \u003cp\u003eLogical Security 277\u003c\/p\u003e \u003cp\u003eUser Authentication 277\u003c\/p\u003e \u003cp\u003eCommunications Security 277\u003c\/p\u003e \u003cp\u003eEncryption 277\u003c\/p\u003e \u003cp\u003eHow Encryption Works 278\u003c\/p\u003e \u003cp\u003eEncryption Weaknesses 279\u003c\/p\u003e \u003cp\u003ePotential Encryption 280\u003c\/p\u003e \u003cp\u003eData Integrity 280\u003c\/p\u003e \u003cp\u003eDouble Public Key Encryption 281\u003c\/p\u003e \u003cp\u003eSteganography 281\u003c\/p\u003e \u003cp\u003eInformation Security Policy 282\u003c\/p\u003e \u003cp\u003eNotes 282\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 27: Logical Information Technology Security 283\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eComputer Operating Systems 283\u003c\/p\u003e \u003cp\u003eTailoring the Operating System 284\u003c\/p\u003e \u003cp\u003eAuditing the Operating System 285\u003c\/p\u003e \u003cp\u003eSecurity 286\u003c\/p\u003e \u003cp\u003eCriteria 286\u003c\/p\u003e \u003cp\u003eSecurity Systems: Resource Access Control Facility 287\u003c\/p\u003e \u003cp\u003eAuditing RACF 288\u003c\/p\u003e \u003cp\u003eAccess Control Facility 2 289\u003c\/p\u003e \u003cp\u003eTop Secret 290\u003c\/p\u003e \u003cp\u003eUser Authentication 291\u003c\/p\u003e \u003cp\u003eBypass Mechanisms 293\u003c\/p\u003e \u003cp\u003eSecurity Testing Methodologies 293\u003c\/p\u003e \u003cp\u003eNotes 295\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 28: Applied Information Technology Security 297\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eCommunications and Network Security 297\u003c\/p\u003e \u003cp\u003eNetwork Protection 298\u003c\/p\u003e \u003cp\u003eHardening the Operating Environment 300\u003c\/p\u003e \u003cp\u003eClient Server and Other Environments 301\u003c\/p\u003e \u003cp\u003eFirewalls and Other 
Protection Resources 301\u003c\/p\u003e \u003cp\u003eIntrusion-Detection Systems 303\u003c\/p\u003e \u003cp\u003eNote 304\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 29: Physical and Environmental Security 305\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eControl Mechanisms 306\u003c\/p\u003e \u003cp\u003eImplementing the Controls 310\u003c\/p\u003e \u003cp\u003e\u003cb\u003ePart VI: Business Continuity and Disaster Recovery 311\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 30: Protection of the Information Technology Architecture and Assets: Disaster-Recovery Planning 313\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eRisk Reassessment 314\u003c\/p\u003e \u003cp\u003eDisaster—Before and After 315\u003c\/p\u003e \u003cp\u003eConsequences of Disruption 317\u003c\/p\u003e \u003cp\u003eWhere to Start 317\u003c\/p\u003e \u003cp\u003eTesting the Plan 319\u003c\/p\u003e \u003cp\u003eAuditing the Plan 320\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 31: Displacement Control 323\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eInsurance 323\u003c\/p\u003e \u003cp\u003eSelf-Insurance 327\u003c\/p\u003e \u003cp\u003e\u003cb\u003ePart VII: Advanced IT Auditing 329\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 32: Auditing E-commerce Systems 331\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eE-Commerce and Electronic Data Interchange: What Is It? 
331\u003c\/p\u003e \u003cp\u003eOpportunities and Threats 332\u003c\/p\u003e \u003cp\u003eRisk Factors 335\u003c\/p\u003e \u003cp\u003eThreat List 335\u003c\/p\u003e \u003cp\u003eSecurity Technology 336\u003c\/p\u003e \u003cp\u003e“Layer” Concept 336\u003c\/p\u003e \u003cp\u003eAuthentication 336\u003c\/p\u003e \u003cp\u003eEncryption 337\u003c\/p\u003e \u003cp\u003eTrading Partner Agreements 338\u003c\/p\u003e \u003cp\u003eRisks and Controls within EDI and E-Commerce 338\u003c\/p\u003e \u003cp\u003eE-Commerce and Auditability 340\u003c\/p\u003e \u003cp\u003eCompliance Auditing 340\u003c\/p\u003e \u003cp\u003eE-Commerce Audit Approach 341\u003c\/p\u003e \u003cp\u003eAudit Tools and Techniques 341\u003c\/p\u003e \u003cp\u003eAuditing Security Control Structures 342\u003c\/p\u003e \u003cp\u003eComputer-Assisted Audit Techniques 343\u003c\/p\u003e \u003cp\u003eNotes 343\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 33: Auditing UNIX\/Linux 345\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eHistory 345\u003c\/p\u003e \u003cp\u003eSecurity and Control in a UNIX\/Linux System 347\u003c\/p\u003e \u003cp\u003eArchitecture 348\u003c\/p\u003e \u003cp\u003eUNIX Security 348\u003c\/p\u003e \u003cp\u003eServices 349\u003c\/p\u003e \u003cp\u003eDaemons 350\u003c\/p\u003e \u003cp\u003eAuditing UNIX 350\u003c\/p\u003e \u003cp\u003eScrutiny of Logs 351\u003c\/p\u003e \u003cp\u003eAudit Tools in the Public Domain 351\u003c\/p\u003e \u003cp\u003eUNIX Password File 352\u003c\/p\u003e \u003cp\u003eAuditing UNIX Passwords 353\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 34: Auditing Windows VISTA and Windows 7 355\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eHistory 355\u003c\/p\u003e \u003cp\u003eNT and Its Derivatives 356\u003c\/p\u003e \u003cp\u003eAuditing Windows Vista\/Windows 7 357\u003c\/p\u003e \u003cp\u003ePassword Protection 358\u003c\/p\u003e \u003cp\u003eVISTA\/Windows 7 359\u003c\/p\u003e \u003cp\u003eSecurity Checklist 359\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 
35: Foiling the System Hackers 361\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 36: Preventing and Investigating Information Technology Fraud 367\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003ePreventing Fraud 367\u003c\/p\u003e \u003cp\u003eInvestigation 369\u003c\/p\u003e \u003cp\u003eIdentity Theft 376\u003c\/p\u003e \u003cp\u003eNote 376\u003c\/p\u003e \u003cp\u003e\u003cb\u003eAppendix A Ethics and Standards for the IS Auditor 377\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eISACA Code of Professional Ethics 377\u003c\/p\u003e \u003cp\u003eRelationship of Standards to Guidelines and Procedures 378\u003c\/p\u003e \u003cp\u003e\u003cb\u003eAppendix B Audit Program for Application Systems Auditing 379\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003e\u003cb\u003eAppendix C Logical Access Control Audit Program 393\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003e\u003cb\u003eAppendix D Audit Program for Auditing UNIX\/Linux Environments 401\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003e\u003cb\u003eAppendix E Audit Program for Auditing Windows VISTA and Windows 7 Environments 407\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eAbout the Author 415\u003c\/p\u003e \u003cp\u003eAbout the Website 417\u003c\/p\u003e \u003cp\u003eIndex 419\u003c\/p\u003e \u003cp\u003e\u003cb\u003eRICHARD E. CASCARINO, MBA, CIA, CISA, CISM,\u003c\/b\u003e is a consultant and lecturer with over thirty years' experience in internal, forensic, risk, and computer auditing. He is Managing Director of Richard Cascarino \u0026amp; Associates, a successful audit training and consultancy company. For the last twenty-five years, they have been providing consultancy and professional development services to clients throughout the southern African region as well as Europe, the Middle East, and the United States. 
He is a past president of the Institute of Internal Auditors South Africa (IIA SA), was the founding Regional Director of the Southern African Region of the IIA Inc., and is a member of both the Information Systems Audit and Control Association and the Association of Certified Fraud Examiners.    \u003c\/p\u003e\u003cp\u003eMany auditors are unfamiliar with the techniques they need to know to efficiently and effectively determine whether your IT systems are adequately protected. Now in a Second Edition, Auditor's Guide to IT Auditing presents an easy, practical guide for auditors that can be applied to all computing environments. \u003c\/p\u003e\u003cp\u003ePresenting the computer auditing knowledge that today's modern auditor requires significantly more than auditors of yesteryear, Auditor's Guide to IT Auditing, Second Edition serves as an excellent study guide for those preparing for the CISA and CISM exams. In addition, it provides you with a working knowledge of the risks and control opportunities within an information processing (IP) environment, as well as how to audit that environment. 
\u003c\/p\u003e\u003cp\u003eFilled with realistic case studies that present a workable implementation of the book's principles and techniques, this step-by-step guide includes timely discussion of: \u003c\/p\u003e\u003cul\u003e \u003cli\u003eRisk evaluation methodologies\u003c\/li\u003e \u003cli\u003eNew regulations\u003c\/li\u003e \u003cli\u003eThe Sarbanes-Oxley Act\u003c\/li\u003e \u003cli\u003ePrivacy\u003c\/li\u003e \u003cli\u003eBanking\u003c\/li\u003e \u003cli\u003eIT governance\u003c\/li\u003e \u003cli\u003eCobiT\u003c\/li\u003e \u003cli\u003eOutsourcing\u003c\/li\u003e \u003cli\u003eNetwork management\u003c\/li\u003e \u003cli\u003eThe Cloud\u003c\/li\u003e \u003c\/ul\u003e \u003cp\u003eA reality check for every auditor to determine whether they are examining the right issues and if they are sufficiently comprehensive in their focus, Auditor's Guide to IT Auditing, Second Edition offers thorough coverage for successful application and control of IT systems, including the Cloud, to empower you to effectively gauge the adequacy and effectiveness of your IT controls.\u003c\/p\u003e","brand":"Wiley","offers":[{"title":"Default Title","offer_id":47988777713893,"sku":"NP9781118147610","price":105.0,"currency_code":"USD","in_stock":false}],"thumbnail_url":"\/\/cdn.shopify.com\/s\/files\/1\/1842\/7735\/files\/9781118147610.jpg?v=1761781552","url":"https:\/\/k12savings.com\/es\/products\/auditors-guide-to-it-auditing-software-demo-isbn-9781118147610","provider":"K12savings","version":"1.0","type":"link"}