This week`s resource selections focus on IT audit guidance that covers the evaluation of a variety of critical IT activities.
One of the key benefits of these guides is the self assessment by IT and other managers that can be facilitated, in advance of a formal internal audit.
Finally, I’d very much welcome your feedback on the IT audit guidance.
Have another great week.
Dan Swanson
The IT Audit Checklist series
http://www.t2pa.com/component/remository/ITACs/
IT Audit Checklist: Change Management
Checklist supporting an internal audit of the organization's change management policies in order to verify compliance and look for opportunities to improve efficiency, effectiveness, and economy. The guidance includes 187 specific checklist items.
IT Audit Checklist: Information Security
Supports an internal audit of the organization's information security program with guidance on improving information security programs and processes. The guidance includes 228 specific checklist items.
IT Audit Checklist: IT Governance and Strategy
Guidance on assessing the completeness, effectiveness, and sustainability of existing IT governance and strategy. The guidance includes 74 specific checklist items.
IT Audit Checklist: Privacy and Data Protection
This paper supports an internal audit of regulatory, legal, and reputational protection requirements related to customer data protection.
Advice on the necessary preparation, planning, and communication strategies involved in a successful risk-management audit. The guidance includes 80 specific checklist items.
The question is not whether PCI can represent effective security (it can); but rather, how to make compliance make sense in the enterprise context. This paper supports integration of PCI into a companies strategic risk- and security-management practices.
http://www.t2pa.com/component/remository/pci-research/