Presentation is loading. Please wait.

Presentation is loading. Please wait.

IT Web Application Audit Principles Presented by: James Ritchie, CISA, CISSP….

Published byCruz Wrigley Modified over 9 years ago

Similar presentations

Presentation on theme: "IT Web Application Audit Principles Presented by: James Ritchie, CISA, CISSP…."— Presentation transcript:

1 IT Web Application Audit Principles Presented by: James Ritchie, CISA, CISSP….

2 Welcome! An IT audit is the process of collecting and evaluating evidence of an organization's information systems, practices, and operations. The evaluation of obtained evidence determines if the information systems are safeguarding assets, maintaining data integrity, and operating effectively to achieve the organization's goals or objectives. A control is developed to mitigate a known risk to a level acceptable by Senior Management. The concept of attaining a secure computing environment (ie, an ideal state free from risk or danger) by mitigating the vulnerabilities associated with computer use.

3 Risks Types  Strategic  Compliance  Market  Operational  Environmental  Reputational  Market

4 Application Risks  Unauthorized and/or erroneous transactions  Processing inefficiencies due to incomplete data entry  Access control violations  Data entry errors undetected  Breach of system integrity and loss of critical data  Non-compliance with federal and state laws regarding computer and data communications use  Destruction of critical information by unauthorized users  Impairment of the Organization’s reputation

5 Security Domains  Access Control Systems and Methodology  Telecommunications and Network Security  Business Continuity Planning and Disaster Recovery Planning  Security Management Practices  Security Architecture and Models  Law, Investigation, and Ethics  Application and Systems Development Security  Cryptography  Computer Operations Security  Physical Security

6 CoBIT Domains  Plan and Organize PO 8 – Manage Quality  Acquire and Implement AI 2 - Acquire and Maintain Application Software AI 6 - Manage Changes AI 7 - Install and Accredit Solutions and Changes  Deliver and Support DS 5 - Ensure Systems Security  Monitor and Evaluate ME 2 - Monitor and Evaluate Internal Control

7 Internal Controls 101  Primary Objectives of Internal Controls Accurate Financial Information Compliance with Policies and Procedures Safeguarding Assets Efficient Use of Resources Accomplishment of Business Objectives and Goals

8 Point of View  Security Perspective Security requirements early in SDLC process. Ensure legal, regulatory, contractual, and internal compliance requirements. Follows industry best practices. Testing during development, QA, pre and post production.  Audit Perspective Compliance to legal, regulatory, contractual, and internal compliance requirements. Appropriate evidence is documented. Business objectives and goals are maintained. Each audit point is reached during the SDLC phases.

Download ppt "IT Web Application Audit Principles Presented by: James Ritchie, CISA, CISSP…."

Similar presentations

An Internal Control Overview

An Internal Control Overview
Information System Audit : © South-Asian Management Technologies Foundation Chapter 4: Information System Audit Requirements.

Information System Audit : © South-Asian Management Technologies Foundation Chapter 4: Information System Audit Requirements.
HIPAA: FEDERAL REGULATIONS REGARDING PATIENT SECURITY.

HIPAA: FEDERAL REGULATIONS REGARDING PATIENT SECURITY.
Control and Accounting Information Systems

Control and Accounting Information Systems
Security and Personnel

Security and Personnel
ACG 6415 SPRING 2012 KRISTIN DONOVAN & BETH WILDMAN IT Security Frameworks.

ACG 6415 SPRING 2012 KRISTIN DONOVAN & BETH WILDMAN IT Security Frameworks.
Agenda COBIT 5 Product Family Information Security COBIT 5 content

Agenda COBIT 5 Product Family Information Security COBIT 5 content
Welcome! Internal Auditing CHAPTER 1. Definition Internal auditing is an independent, objective, assurance and consulting activity designed to add value.

Welcome! Internal Auditing CHAPTER 1. Definition Internal auditing is an independent, objective, assurance and consulting activity designed to add value.
Auditing Computer Systems

Auditing Computer Systems
TI BISNIS ITG using COBIT &

TI BISNIS ITG using COBIT &
COBIT - II.

COBIT - II.
Chapter 5 5-1 © 2009 Pearson Education, Inc. Publishing as Prentice Hall.

Chapter © 2009 Pearson Education, Inc. Publishing as Prentice Hall.
Chapter 5 5-1 © 2009 Pearson Education, Inc. Publishing as Prentice Hall.

Chapter © 2009 Pearson Education, Inc. Publishing as Prentice Hall.
Security Controls – What Works

Security Controls – What Works
1 Pertemuan 6 Internal Control System Matakuliah:A0274/Pengelolaan Fungsi Audit Sistem Informasi Tahun: 2005 Versi: 1/1.

1 Pertemuan 6 Internal Control System Matakuliah:A0274/Pengelolaan Fungsi Audit Sistem Informasi Tahun: 2005 Versi: 1/1.
Internal Control Concepts Knowledge. Best Practices for IT Governance IT Governance Structure of Relationship Audit Role in IT Governance.

Internal Control Concepts Knowledge. Best Practices for IT Governance IT Governance Structure of Relationship Audit Role in IT Governance.
Cybersecurity Summit 2004 Andrea Norris Deputy Chief Information Officer/ Director of Division of Information Systems.

Cybersecurity Summit 2004 Andrea Norris Deputy Chief Information Officer/ Director of Division of Information Systems.
Information Systems Security Officer

Information Systems Security Officer
COSO Framework A company should include IT in all five COSO components: –Control Environment –Risk Assessment –Control activities –Information and communication.

COSO Framework A company should include IT in all five COSO components: –Control Environment –Risk Assessment –Control activities –Information and communication.
The Information Systems Audit Process

The Information Systems Audit Process

Similar presentations

Ads by Google