Lecture 14: ICT Audit.


Context of ICT Audit

Question: What role is ICT playing in driving your business?
- Playing?
- Could play?
- Should play?

ICT Audit

ICT Audit is the process of ensuring:
- that you are getting the best out of your assets
- adequate protection of your system
- adequate protection from your system
- that you are prepared for impending upgrades of the system
- conformance to statutory requirements

Potential complications of ICT Systems

- The way they are put together (ad hoc)
- The way they are resourced
- The hiring of the personnel
- The positioning of the personnel in the company organization
- The fact that they are viewed as ICT systems
- Lack of understanding of ICT systems by business

What to Audit

- The network
- The systems
- The procedure
- The backup
- The personnel
- The technology
- The business continuity

What to Audit – on the Network

- Technology used
- Topology of the network
- Entry points
- Rules within the network
- Virtual Local Area Networks
- Access lists
- Perform various kinds of penetration tests

What to audit – on the systems

- The systems security
- Passwords
- Access levels
- Audit trails
- Logs detail
- Logs safety
- Usage of the logs: proactive rather than just reactive use of logs
- Get evidence of all these from the system

What to audit – on systems

- Application systems
- External security
- Access
- Access rights
- Internal security
- Business fit
- Decoupling of the processes from the application
- Stability of the organization selling the application

What to audit – Procedures

- Procurement procedures
- Repair and maintenance procedures
- Change management
- Introduction of new systems
- Altering of existing systems
- Systems retirement procedures
- Equipment retirement procedures
- Who has your old data
- When social responsibility turns nasty (the Nigerian recycling nightmare): http://news.bbc.co.uk/2/hi/business/4790293.stm

What to audit – the systems backup

- Is the system being backed up?
- What do you do to your most valuable assets?
- Quality of backup
- Testing of backup
- Testing of recovery procedures
- Disaster recovery site
  - Hot site
  - Cold site

What to audit – Personnel

- Organogram test
- Do you have the correct personnel?
- Do you have adequate personnel?
- How knowledgeable are they?
- How specialized are they?
- Have they been undergoing training?
- Who hires your personnel?
- What do they know and how do they know it?

What to audit – technology

- Does your current technology fit your business?
- How are you preparing for future technology?
- Who is watching the technology for you?
- Who calls the shots in moving over to new technologies?
- Are you reactive or proactive?

What to audit – Business continuity

- Fire drills phenomenon
- Have to be ready for unforeseen eventualities
- Succession plan phenomenon
- Do you have sufficient backup and redundancy within the essential business processes?

Discussion point: What aspects need to be considered to guarantee business continuity?

Business Continuity – What to consider

- Big data analytics to gain insights
- Software upgrade
- Customer or clients database
- Data Recovery Plan
- Agility of hard and soft in terms of upwards and backwards compatibility
- Business Continuity Plan, manual for computerized systems
- Connectivity to enhance visibility
- Adoption of new technologies
- Data security
- Succession plan in terms of key personnel