Since January 2007, I have been following a Post Graduate education in ICT Security at Solvay Business School. Currently it's mostly about audit methodologies & ethics. They made me discover about the IIA (Institute for Internal Audit). It seems that they have some excellent documents about auditing technologies.
The IIA is producing a series of publications with guidance on information technology. Written primarily for the chief internal audit executive (CAE) and audit supervisors, the guides address concerns of the board of directors and chief-level executives. Each Global Technology Audit Guide (GTAG®) is written in straightforward business language to address timely issues related to information technology management, control, or security. GTAG is a ready resource series for chief audit executives to use in the education of members of the board and audit committee, management, process owners, and others regarding technology-associated risks and recommended practices.
- Guide 7: Information Technology Outsourcing
- Guide 6: Managing and Auditing IT Vulnerabilities
- Guide 5: Managing and Auditing Privacy Risks
- Guide 4: Management of IT Auditing
- Guide 3: Continuous Auditing: Implications for Assurance, Monitoring, and Risk Assessment
- Guide 2: Change and Patch Management Controls: Critical for Organizational Success
- Guide 1: Information Technology Controls
- Applications Control (July 2007)
- Identity and Access Management
- Business Continuity
- IT Universe and Risk Assessment
I still have to read most of them but they seem really interesting so far for tactical & strategic use. It's not about technical issues. I will post something about that later on.
Security4all Blog
Twitter
Slideshare
Facebook
Digg
Flickr
0 comments:
Post a Comment