I
IAASB. See International Auditing and Assurance Standards Board (IAASB)
IACIS. See International Association of Computer Investigative Specialists (IACIS)
IACRB. See Information Assurance Certification Review Board (IACRB)
IEC. See International Electrotechnical Commission (IEC)
IEEE. See Institute of Electrical and Electronics Engineers (IEEE)
IFAC. See International Federation of Accountants (IFAC)
IIA. See Institute of Internal Auditors (IIA)
Independence
  external auditing, 68–70
  internal auditing, 47–48
Industry standards, compliance, 97
Information, use in audit reports, 160
Information Assurance Certification Review Board (IACRB), 216
Information security
  certification, 143–144
Information security management system (ISMS), 17–20, 143–144, 177
  audit in, 19–20
Information Systems Audit and Control Association (ISACA), 199, 206–208
  audit standards, 206
  certifications, 207–208
Information Technology Infrastructure Library (ITIL), 2–3, 119–120, 139, 182–183, 183f, 184t
Information Technology Management Reform Act of 1996, 139

  objectivity, 47–48
  as organizational capability, 46–55
  overview, 45–46
  planning, 153–154
Internal Control—Integrated Framework, 107–108,
Internal controls, 4–6
  administrative controls, 5–6
  categorizing, 5–6, 6b
  defined, 4–5
  examples, 6t
  operational auditing, 89
  physical controls, 5–6
  technical controls, 5–6
International Accounting Standards Board (IASB),
International Association of Computer Investigative Specialists (IACIS), 216
International Auditing and Assurance Standards Board (IAASB), 169–171
International Council of E-Commerce Consultants (EC-Council), 216
International Electrotechnical Commission (IEC),
International Federation of Accountants (IFAC)
  audit standards, 206
  Code of Ethics, 48
International health data privacy protection laws,
International Information Systems Security Certification Consortium (ISC), 213–214
  certifications, 214

242 Index

International Organisation of Supreme Audit Institutions (INTOSAI), 204–205
  audit standards, 205
International Organization for Standardization (ISO), 5–6, 141, 177, 178f, 183–185, 185t, 208–209
  audit standards, 208–209
International Professional Practices Framework (IPPF), 45, 163, 173–177, 175f, 176t
International Society for Automation (ISA) standard 62443, 93
International Society of Forensic Computer Examiners (ISFCE), 216
International Standards of Supreme Audit Institutions (ISSAI), 10, 188
International Standards on Auditing (ISA), 18, 47, 169–172, 171t
INTOSAI. See International Organisation of Supreme Audit Institutions (INTOSAI)
IPPF. See International Professional Practices Framework (IPPF)
ISA. See International Standards on Auditing (ISA)
ISACA. See Information Systems Audit and Control Association (ISACA)
ISACA’s Code of Professional Ethics, 48
ISC. See International Information Systems Security Certification Consortium (ISC)
ISFCE. See International Society of Forensic Computer Examiners (ISFCE)
ISMS. See Information security management system (ISMS)
ISO. See International Organization for Standardization (ISO)
ISO 9000, 94
ISO 9001, 14, 15f, 142–143
ISO 19011, 162–163, 177
ISO/IEC 7498-1, 114, 127
ISO/IEC 12207, 114, 127
ISO/IEC 15288, 124
ISO/IEC 15504, 11
ISO/IEC 17799, 143
ISO/IEC 20000, 99–100, 144, 183–185
ISO/IEC 27000, 143, 189
ISO/IEC 27001, 18–19, 19f, 143, 177, 189
ISO/IEC 27002, 18, 111
  security clauses and categories, 190t
ISO/IEC 27005, 6
ISO/IEC 27007, 177
ISO/IEC 31000, 6
ISO/IEC 38500, 183–185
ISO/IEC/IEEE 42010, 114, 127
ISO/IEC 38500 standard, 3–4
ISSAI. See International Standards of Supreme Audit Institutions (ISSAI)
ISSAI 5310, 188
ITAF. See IT Assurance Framework (ITAF)
IT assets, auditing, 112–119, 113t
  decomposition, 114–119
    databases, 116
    data centers, 118
    hardware, 116–117
    interfaces, 119
    networks, 117
    operating systems, 116
    storage, 117
    systems and applications, 115
    virtualized environments, 118–119
IT Assurance Framework (ITAF), 178–179
IT Audit Framework (ISACA), 163
IT Examination Handbook, 53–54
IT governance, 2–5, 129
  audit in, 4–5
  defined, 2
  and management frameworks
    COBIT®, 178–180, 180f, 181t
    ITIL®, 182–183, 183f, 184t
  processes and controls, 3
IT Governance Institute, 4–5
ITIL. See Information Technology Infrastructure Library (ITIL)
“ITIL certification,” 183
IT operations, 120–121
IT-specific auditing, 98–102
  information systems controls, 100–102
  process maturity, 98–99
  provision of services, 99–100

Laws and regulations, 130–141, 131t
  European Council Directive 2006/43/EC, 133
  Gramm-Leach-Bliley Act, 133
  government sector laws, 139–141
    Federal Information Security Management Act, 140
    Privacy Act, 140–141
  health industry-specific laws, 133
    Health Information Technology for Economic and Clinical Health Act, 134–135
    Health Insurance Portability and Accountability Act of 1996, 134
    international health data privacy protection laws, 135
  securities industry, 131–133
    Sarbanes-Oxley Act of 2002, 132


    Securities and Exchange Commission, 132
  security and privacy laws, 135–138
    Computer Fraud and Abuse Act of 1986, 137
    Electronic Communications Privacy Act, 138
    European Council Directive 95/46/EC, 136–137
    state security and privacy laws, 138
Legal compliance, 96

Methodologies and frameworks, 167
  COSO, 172–173, 173f, 174t
  GAAS, 169, 170t
  government-focused methodologies, 185–188
    FISCAM, 186, 187f, 187t
    ISSAI, 188
  IPPF, 173–177, 175f, 176t
  ISA, 169–172, 171t
  ISO, 177, 178f, 183–185, 185t
  IT governance and management frameworks
    COBIT®, 178–180, 180f, 181t
    ITIL®, 182–183, 183f, 184t
  overview, 167, 168t
  relevant source material, 193–194
  security control assessment frameworks, 188–193
    ISO/IEC 27000 series, 189
    NIST security control assessment guidance, 191–192, 192t

National Commission on Fraudulent Financial
National Institute of Standards and Technology (NIST), 6b, 140, 163
  risk management framework, 8–9, 9f
  security control assessment guidance, 191–192, 192t
  Special Publication 800-30, 10
Networks, 117
New York Stock Exchange, 9–10
NIST. See National Institute of Standards and Technology (NIST)

Objectivity, internal auditing, 47–48
Open Systems Interconnection model, 114
Open Web Application Security Project (OWASP), 215
Operating systems, 116
Operational auditing, 87–91
  internal controls, 89
  policies, processes, and procedures, 89–90
  program or project-focused, 91
Operational effectiveness, 144–145
Organizational controls, 111–112, 111f
Organizational participation, external auditing,
OWASP. See Open Web Application Security Project (OWASP)

Path analysis, 114, 115f
Payment Card Industry Data Security Standards (PCI DSS), 97–98, 215–216
PCAOB. See Public Company Accounting Oversight Board (PCAOB)
PCI DSS. See Payment Card Industry Data Security Standards (PCI DSS)
Performance. See Audit performance
Plan-do-check-act (PDCA), 15–16, 16f, 149,
Planning. See Audit planning
PMBOK. See PMI Project Management Body of Knowledge (PMBOK)
PMI Project Management Body of Knowledge (PMBOK), 126
Preliminary data gathering
  audit preparation and, 152
Privacy Act of 197, 140–141
Process. See Audit process(es)
Production phase, of SDLC, 124–125

  defined, 49b
  establishing, 48–55
  and project management, 121–122
  responsibilities, 53–55
Programmatic auditing, 87
Program or project-focused auditing, 91
Program responsibilities, internal auditing, 53–55
Project-focused auditing. See Program or project-focused auditing
Public Company Accounting Oversight Board (PCAOB), 11–12, 68–69, 132

Quality assurance, 14–17, 129
  and continuous improvement, 145
  defined, 14
Quality certification, 142–143
Quality management, 14–17
  audit in, 17


Recommended Security Controls for Federal Information Systems and Organizations, 140
Regulatory auditors, 78–79
Reporting findings, audit processes, 158–161
  findings vs. conclusions, 159
  responding to audit results, 160–161
  using information in audit reports, 160
Reporting on Controls at a Service Organization, 53–54
Resource allocation, in audit preparation, 151–152
Results, audit, 160–161
Retirement phase, of SDLC, 126
Risk, defined, 5–6
Risk assessment, 9–10
Risk management, 5–10, 108–109, 129
  audit in, 9–10
  components, 8–9

    Electronic Communications Privacy Act, 138
    European Council Directive 95/46/EC, 136–137
Security control assessment frameworks, 188–193
  ISO/IEC 27000 series, 189
  NIST security control assessment guidance, 191–192, 192t
Security management, 93–94
SEI. See Software Engineering Institute (SEI)
Service management, 92–93
  certification standards, 144
Service Organization Control (SOC) reports, 75–76, 93, 143
SERVQUAL, 14
Six Sigma, 14, 142
Software Assurance Maturity Model (SAMM), 215
Software Engineering Institute (SEI), 212
SSCP. See Systems Security Certified Practitioner (SSCP)
Statements on Auditing Standards (SAS), 200, 202t
