Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 IT / IS AUDIT PROCESS MODELS (MINDMAPS) For personal use only – not for distribution Begin Audit End Audit FamiliariseGather Information Create Working.

Published byJayden Folley Modified over 9 years ago

Similar presentations

Presentation on theme: "1 IT / IS AUDIT PROCESS MODELS (MINDMAPS) For personal use only – not for distribution Begin Audit End Audit FamiliariseGather Information Create Working."— Presentation transcript:

1 1 IT / IS AUDIT PROCESS MODELS (MINDMAPS) For personal use only – not for distribution Begin Audit End Audit FamiliariseGather Information Create Working Papers Create Process Maps Annotate Risk Annotate Controls Evaluate Controls Risk Appetite Control Efficiency and Costs Process Hotspots Process Efficiency Testing Reporting

2 Entry meetings

3 Familiarisation – get to know process flow  Identify  Determine  Document

4 Fieldwork 1.Interviews 2.Existing documentation 3.Questionnaires 4.Observations 5.Tests

5 Determine expected controls

6 Locate actual controls

7 Gap analysis shows missing controls Present as expected. Expected but absent.

8 Key application controls

9 Key network controls

10 Key storage controls

11 HOST CONTROLS Router Packet Filter Proxy Firewall Who Limited Few Skill Competence How Security / vulnerability of underlying OS Rules and Rationale How tested How validated Pen testing Key host controls

12 12 IT / IS AUDIT PROCESS MODELS (MINDMAPS) For personal use only – not for distribution Begin Audit End Audit FamiliariseGather Information Create Working Papers Create Process Maps Annotate Risk Annotate Controls Evaluate Controls Risk Appetite Control Efficiency and Costs Process Hotspots Process Efficiency Testing Reporting

Download ppt "1 IT / IS AUDIT PROCESS MODELS (MINDMAPS) For personal use only – not for distribution Begin Audit End Audit FamiliariseGather Information Create Working."

Similar presentations

Needs Assessment A brief overview of needs assessment in the context of using ID to plan instructional programs.

Needs Assessment A brief overview of needs assessment in the context of using ID to plan instructional programs.
HES Data Management Ari Haukijärvi. Planning of HES Data Management Purpose of the data management The data will be available for analysis The available.

HES Data Management Ari Haukijärvi. Planning of HES Data Management Purpose of the data management The data will be available for analysis The available.
Firewalls By Tahaei Fall 2012. What is a firewall? a choke point of control and monitoring interconnects networks with differing trust imposes restrictions.

Firewalls By Tahaei Fall What is a firewall? a choke point of control and monitoring interconnects networks with differing trust imposes restrictions.
FIREWALLS Chapter 11.

FIREWALLS Chapter 11.
 Natural consequence of the way Internet is organized o Best effort service means routers don’t do much processing per packet and store no state – they.

 Natural consequence of the way Internet is organized o Best effort service means routers don’t do much processing per packet and store no state – they.
1 Visualizer for Firewall Display & Analysis Tool.

1 Visualizer for Firewall Display & Analysis Tool.
Firewalls : usage Data encryption Access control : usage restriction on some protocols/ports/services Authentication : only authorized users and hosts.

Firewalls : usage Data encryption Access control : usage restriction on some protocols/ports/services Authentication : only authorized users and hosts.
Operational Auditing--Fall 2001 1 Evidence = Support 4 Auditors collect information 4 Evidence should be sufficient, competent, relevant & useful 4 Methodology.

Operational Auditing--Fall Evidence = Support 4 Auditors collect information 4 Evidence should be sufficient, competent, relevant & useful 4 Methodology.
Chapter 7 Firewalls. Firewall Definition  A network device that enforces network access control based upon a defined security policy.

Chapter 7 Firewalls. Firewall Definition  A network device that enforces network access control based upon a defined security policy.
1 Some TCP/IP Basics....NFSDNSTELNETSMTPFTP UDPTCP IP and ICMP Ethernet, serial line,..etc. Application Layer Transport Layer Network Layer Low-level &

1 Some TCP/IP Basics....NFSDNSTELNETSMTPFTP UDPTCP IP and ICMP Ethernet, serial line,..etc. Application Layer Transport Layer Network Layer Low-level &
Operational Auditing--Fall 200810-1 Evidence = Support n Auditors collect information n Evidence should be sufficient, competent, relevant & useful n Methodology.

Operational Auditing--Fall Evidence = Support n Auditors collect information n Evidence should be sufficient, competent, relevant & useful n Methodology.
Operational Auditing--Spring 20061 Evidence = Support  Auditors collect information  Evidence should be sufficient, competent, relevant & useful  Methodology.

Operational Auditing--Spring Evidence = Support  Auditors collect information  Evidence should be sufficient, competent, relevant & useful  Methodology.
1 Lecture 20: Firewalls motivation ingredients –packet filters –application gateways –bastion hosts and DMZ example firewall design using firewalls – virtual.

1 Lecture 20: Firewalls motivation ingredients –packet filters –application gateways –bastion hosts and DMZ example firewall design using firewalls – virtual.
FIREWALL TECHNOLOGIES Tahani al jehani. Firewall benefits  A firewall functions as a choke point – all traffic in and out must pass through this single.

FIREWALL TECHNOLOGIES Tahani al jehani. Firewall benefits  A firewall functions as a choke point – all traffic in and out must pass through this single.
Firewall Auditing Sean K. Lowder CISSP / MCSE / CCNA

Firewall Auditing Sean K. Lowder CISSP / MCSE / CCNA
Firewalls CS158B Don Tran. What is a Firewall? A firewall can be a program or a device that controls access to a network.

Firewalls CS158B Don Tran. What is a Firewall? A firewall can be a program or a device that controls access to a network.
By: Colby Shifflett Dr. Grossman Computer Science 420 12/01/2009.

By: Colby Shifflett Dr. Grossman Computer Science /01/2009.
Network Security (Firewall) Instructor: Professor Morteza Anvari Student: Xiuxian Chen ID: 93036 Term: Spring 2001.

Network Security (Firewall) Instructor: Professor Morteza Anvari Student: Xiuxian Chen ID: Term: Spring 2001.
Communication is Between People. The Rest is Technology. How to Prepare for and Survive an IT Audit.

Communication is Between People. The Rest is Technology. How to Prepare for and Survive an IT Audit.
SecureAware Building an Information Security Management System.

SecureAware Building an Information Security Management System.

Similar presentations

Ads by Google