IT Audit Series - IT Security Reviews
How to perform an IT security review audit
Management, ever conscious of the organization's reliance on the computers (both micro and mainframe), is increasingly looking to the auditor to address the risks in this environment. Many auditors are unfamiliar with the risk areas and control opportunities available. The training concentrates on logical security, the control mechanisms available to enforce logical security, and audit approaches, tools and techniques to carry out such reviews.
The objectives of the training are:
- To familiarize auditors with computer risk areas and security mechanisms.
- To provide auditors with an understanding of the building blocks of operational environments and operating systems.
- To provide auditors with an appropriate methodology for reviewing computer security.
The training will cover the following areas:
- Computer risk areas
- Criteria for effective security
- Computer operations
- Applications security
- Change control
- Control over viruses
- The "ACCESS" model
- Tailoring the Operating System
- Auditing operating environments
- The role of security packages: RACF, ACF2, TOP SECRET
- The internet and Firewalls
This is a previously recorded 2-hour AuditNet® webinar with Jim Kaplan and Richard Cascarino
AuditNet® is the Global Resource for Auditors, and serves the global audit community as the primary communications resource with an online digital network where auditors share resources, tools, and experiences including audit work programs and other audit documentation.
As the first online portal for the global audit community, AuditNet® has been at the forefront of audit websites dedicated to promoting the use of technology. http://www.auditnet.org/
Jim Kaplan, the founder of AuditNet®, became a Certified Internal Auditor in 1984. He has continuously promoted and encouraged the use of technology and the Internet for audit productivity.
As an active member of the IIA, he has held many positions at the local and International level. He is a founding member of the Northern Virginia Chapter and served as Chapter President in 1989. He retired from his government audit director position in 2005. He is the founder and President of AuditNet®, the global resource for auditors, and has been identified as an Internet for Auditors pioneer. Jim's contributions to the profession were recognized by the IIA (2007 Bradford Cadmus award) and the Association of Local Government Auditors (Lifetime Achievement Award). In addition to the IIA, he is a member of the Association of Local Government Auditors and the Association of Certified Fraud Examiners.