Auditing Your Information Systems and IT Infrastructure: Practical Audit Programs/Checklists for Internal Auditors

Assuring the Security of Your Information Systems and IT Infrastructures (IT Audit and Internal Audit)This edition has been updated to cover virtually all areas of information systems and IT infrastructure. “Auditing Your Information Systems and IT Infrastructure: Practical Audit Programs/Checklists for Internal Auditors”, serves as a reference handbook for IT Auditors and other IT assurance professionals on how to use latest IT auditing techniques and programs to provide assurance on the security of enterprise information systems and IT infrastructure. New chapters on perimeter network security, database security and virtualized infrastructure are included. The book describes leading practices in internal audit and how the internal audit/IT audit function can effectively meet stakeholders’ expectations and add value the business while maintaining its independence. Details on how to conduct specific audits of IT processes, services, systems or infrastructures were provided with hands-on checklists and audit test procedures. The following areas of information systems, processes and IT infrastructures are covered.•Leading practices in internal audit function•Data center•Business continuity management and disaster recovery management •Business process re-engineering (BPR) and automation function •IT governance and strategic planning•Physical and environmental security•Windows infrastructure, intranet and internet security•Financial Technology (Fintech) and Electronic Payment Applications•UNIX operating system infrastructure (IBM AIX & Oracle UNIX)•Core banking application (Finacle, Flexcube and Phoenix)•Payment card (debit, credit & prepaid) processes, systems and applications – PCIDSS Compliance•Employee (Human Resources) Information Systems•Perimeter Network Security•Database security (Oracle and Microsoft SQL Server Database)•Virtualized infrastructureIntended for IT Auditors and other Assurance professionals that are desirous of improving their auditing skills or organizations that are performing risk and control self-assessment (RCSA) exercise from the ground up. What You Will Learn and Benefit:•Build or improve your auditing and control testing techniques/skills by knowing what to look out for and how to verify the existence and adequacy of controls.•Acquire hands-on audit programs/checklists to be used for auditing your core IT systems and infrastructure, which can easily be applied in your environment.•Prepare for and pass management system certification audits such as PCI-DSS, ISO 27001, ISO 2230, ISO 20000 and ISO 90001.•Audit programs/checklists from this book can easily be integrated into standard audit software such as Teammates or MKInsight as they share similar templates.•Expand the scope of your audit testing to cover more areas of concerns or risk exposures.•Strengthen your organization’s internal audit process and control testing, a benefit from an expanded risk/vulnerability register.•Rejuvenate the risk management effective and information security program of your organization, having an improved perspective of inherent risk/vulnerabilities of your IT infrastructure as well as a robust and realistic vulnerability/risk register.•Risk mitigate and treatment plan.Who This Book Is For:IT professionals moving into auditing field; new IT Audit Managers, Directors, Vice Presidents, and would-be Chief Audit Executives (CAEs) and Chief Information Security Officers (CISOs); Security Specialists from other disciplines moving into information risk assurance and security (e.g., former military security professionals, law enforcement professionals, physical security professionals); and information risk and security specialists (e.g. IT Security Managers, IT Risk Managers, IT Control Analyst, Security Engineers/Directors, CIOs, CTOs, COO).