IS I UNIT Lecture Notes
Uploaded by m.anand502

INFORMATION SECURITY LECTURE NOTES

Overview of Information System Auditing

Information Systems (IS) Auditing is a specialized branch of Auditing.

It focuses on assessing the controls and processes around Information Technology (IT)
systems. Information Systems (IS) are defined as the combination of strategic, managerial, and
operational activities involved in gathering, processing, storing, distributing, and using
information, together with the technologies that support those activities.

IS Auditing involves examining and evaluating an organization’s information system, its
management, related operations, and processes.

This encompasses the assessment of data integrity, system security, and IT governance to ensure
the organization’s data and assets are safeguarded.

In the early days of computing, Auditors focused on batch processing systems.

They were concerned with physical controls over data entry and output.

As technology evolved, so did the role of IS Auditors. IS Auditing was initially considered an
extension of traditional financial Auditing, focused on verifying the accuracy, completeness, and
reliability of computer-processed financial data. Over time, IS Auditors began assessing more
complex, connected, integrated, and real-time computer systems, including networked and
cloud-based applications.

IS Auditors assess the effectiveness and security of the entire IT infrastructure and proactively
assess how various components of Information Systems facilitate the achievement of the
organization’s objectives.

The role of an IS Auditor has become increasingly strategic. They are both watchdogs and
advisers, providing insights on technology trends, risks, and controls.

IS Auditing plays a critical role in corporate governance.

It provides assurance that IS supports business objectives and complies with regulations.

IS Auditors work closely with IT departments, management, and external stakeholders.

They verify whether IT systems are reliable, secure, and efficient.

Prepared by Mr. M Anand Kumar, B.Tech, M.Tech, (Ph.D)
Asst. Prof, Department of Computer Science and Engineering

Another critical area of IS Auditing is risk assessment, where IS Auditors analyze the likelihood
and impact of potential threats (internal and external) to the organization’s Information Systems
in order to inform management’s decision-making about IT investments and security measures.

Another critical area is compliance, where IS Auditors determine whether the organization’s
Information Systems comply with laws, regulations, and internal policies.

IS Auditors evaluate existing controls, policies, and procedures and identify compliance gaps
that may result in significant penalties or restrictions on the organization.

Lastly, the significance of IS Auditing also extends to ethical considerations.

The Objectives and Goals of IS Auditing

Progressive IS Auditing functions align with the organization’s broader objectives of ensuring
the integrity, confidentiality, and availability of its Information Systems.

Governed by these objectives, IS Audit teams work toward the achievement of the following
goals:

Reliability and Integrity of Information: IS Auditors assess whether information produced
by the systems is accurate, complete, and reliable, since it is crucial for decision-making and
operational processes within an organization.

Safeguarding of Information Assets: IS Auditors evaluate controls designed to protect
information assets from loss or damage, including assessing measures against unauthorized
access, data breaches, and cyber threats.

Compliance with Laws and Regulations: IS Auditors review whether IT systems comply
with applicable laws, regulations, and contractual agreements to protect against legal
penalties and reputational damage.

Operational Effectiveness and Efficiency: IS Auditors examine whether Information Systems
are being used effectively and efficiently to support business processes, and identify ways to
improve operations, reduce costs, and enhance productivity.

Data Privacy and Confidentiality: IS Auditors review how data is stored, accessed, and
shared to verify that sensitive information is adequately protected from unauthorized access
or disclosure.

IS Risk Management: IS Auditors may support identifying, assessing, and monitoring risks
related to IT systems. In doing so, they can recommend measures to manage these risks to
acceptable levels and evaluate the potential for fraud and other illegal activities.

System Security and Control: IS Auditors provide expert advice on designing and
implementing adequate IS controls to prevent, detect, and correct issues that could harm the
organization.

Business Continuity and Disaster Preparedness: IS Auditors evaluate disaster recovery
and business continuity plans to verify that these plans are robust and can be effectively
executed in case of significant disruptions.

Facilitating Communication among Stakeholders: IS Auditors act as a bridge between
technical staff, management, and external parties to facilitate clear communication regarding
the status, risks, and needs of IT systems.

Promoting an Understanding of IT Risks and Controls throughout the Organization: IS
Auditors actively lead initiatives to educate front-line staff and management on the
importance of governance of enterprise IT, to foster a culture of risk awareness and
compliance.

IS Auditors aim to accomplish these goals by diligently, effectively, and systematically
performing the following primary tasks.

Five Steps of IS Auditing

1. Execute a risk-based IS audit strategy in compliance with the auditing standards.
2. Plan specific audits to determine whether Information Systems are protected and controlled
and provide value to the organization.
3. Conduct audits in accordance with auditing standards to achieve planned audit objectives.
4. Communicate audit results and offer recommendations through meetings and audit reports to
promote change as necessary.
5. Follow up to determine whether audit findings are remediated in a timely manner.
