IT component decomposition

Organizations can facilitate planning and efficient performance of IT audits by clearly identifying IT assets and technical controls to be addressed within each type of audit. Decomposing IT audit subject areas into individual technologies helps to more accurately determine the scope of each audit, the skill sets and competencies needed by the auditors, and the level of resources necessary to complete the audit process. IT audit plans reflect the type of audit and its intended purpose, the IT components it will examine, and the procedures, protocols, standards, or criteria auditors will use. Decomposing the IT assets and corresponding controls included in an audit is analogous to the business-centric process of clearly defining the organizational level (e.g., enterprise, business unit, operational function, and project) to which the audit applies. Many approaches to information technology decomposition use architectural frameworks or reference models to categorize different technologies and determine the appropriate audit procedures to use for each component under examination. Such frameworks typically distinguish among IT systems, the environments in which those systems operate, and models or views describing the details of underlying technology components and their interaction [10].

There is no single standard or “best” method for evaluating systems or technical environments. One approach involves decomposing a system into its constituent parts and auditing each component individually, applying similar audit protocols across all major elements but also using technology-specific procedures or checklists where appropriate. Organizations may use their own system architecture standards or models as a guide for decomposing their systems in a consistent manner or follow available external standards applicable to the types of systems they maintain. Commonly used models for system decomposition include the seven-layer Open Systems Interconnection model described in ISO/IEC 7498-1 [11], the software architecture design specified in ISO/IEC 12207 [12], or other systems and software architecture description languages conforming to ISO/IEC/IEEE 42010 [10]. To audit a typical n-tier architected system, for example, an auditor using such an approach might separately examine the web server, application server, database, middleware or other integration technology as well as the administrators, support personnel, and end users who access the system. An alternative approach to auditing systems at the individual component level considers all components, points of integration, and data flows together as the basis for an end-to-end examination, sometimes called path analysis (or critical path analysis, or transaction path analysis). As illustrated in Figure 6.3, this approach—informed by methods used in varied contexts such as network traffic analysis and behavioral analytics—defines the system scope by tracing the flow of information from initiation by a user or other system through all points of interaction. Path analysis may offer a more appropriate audit approach for transactional systems or those supporting processes with clearly correlated inputs and outputs.
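An added example (not from the source text) of how path analysis can set audit scope: it traces the request path through the chain shown in Figure 6.3 and returns the components and integration points on that path. The two firewall names and the admin workstation and reporting server are assumptions added for illustration.

```python
from collections import defaultdict

# Constructed flow map: the chain from Figure 6.3 plus two hypothetical
# components that exist in the inventory but are not part of the figure.
# Responses retrace the same components in reverse, so only requests are listed.
FLOWS = [
    ("user", "internet"),
    ("internet", "boundary_router"),
    ("boundary_router", "outer_firewall"),      # first "Firewall" in the figure
    ("outer_firewall", "web_server"),
    ("web_server", "inner_firewall"),           # second "Firewall" in the figure
    ("inner_firewall", "application_server"),
    ("application_server", "database"),
    ("admin_workstation", "database"),          # hypothetical, not in the figure
    ("database", "reporting_server"),           # hypothetical, not in the figure
]
INVENTORY = {component for flow in FLOWS for component in flow}


def trace_paths(flows, source, target):
    """Return every loop-free request path from source to target."""
    graph = defaultdict(list)
    for src, dst in flows:
        graph[src].append(dst)
    paths, stack = [], [(source, [source])]
    while stack:
        node, path = stack.pop()
        if node == target:
            paths.append(path)
            continue
        for nxt in graph[node]:
            if nxt not in path:  # guard against cycles in the flow map
                stack.append((nxt, path + [nxt]))
    return paths


def path_scope(flows, source, target):
    """Components and integration points an end-to-end audit must cover."""
    paths = trace_paths(flows, source, target)
    components = {c for p in paths for c in p}
    integrations = {(a, b) for p in paths for a, b in zip(p, p[1:])}
    return components, integrations


if __name__ == "__main__":
    comps, links = path_scope(FLOWS, "user", "database")
    print("path-analysis scope:", sorted(comps))
    print("integration points:", sorted(links))
    print("component-level audit only:", sorted(INVENTORY - comps))
```

Components left over in the last line are the ones a transaction-path audit would miss and a component-by-component audit would still need to cover.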

[Figure 6.3: Request and response flow through User, Internet, Boundary router, Firewall, Web, Firewall, Application, Database. One approach to auditing IT systems focuses on the end-to-end flow of information associated with a transaction or other type of user or system interaction.]

Common categories or IT components representing audit subject areas include the eight IT elements shown in the center of Figure 6.1. Some special audit considerations also apply in certain types of operating environments such as cloud computing or other uses of server virtualization technology, and system or application access using web browsers, mobile devices, or other types of client applications and interfaces. The following sections briefly describe the context and audit considerations applicable to different IT components.
