Know your CISA Exam (2)...


The objective of IT Audit

The objectives of IT audit include assessment and evaluation of processes that ensure:

A. Asset safeguarding. 'Assets' include the following five types:

·       Data objects in their widest sense (i.e., external and internal, structured and non-structured, graphics, sound, system documentation, etc.).

·       Application system is understood to be the sum of manual and programmed procedures.

·       Technology covers hardware, operating systems, database management systems, networking, multimedia, etc.

·       Resources to house and support information systems, supplies, etc.

·       Staff skills, awareness and productivity to plan, organize, acquire, deliver, support and monitor information systems and services.

B. The following seven attributes of data or information are maintained:

·       Effectiveness – deals with information being relevant and pertinent to the business process as well as being delivered in a timely, correct, consistent and usable manner.

·       Efficiency – concerns the provision of information through the optimal (most productive and economical) usage of resources.

·       Confidentiality – concerns protection of sensitive information from unauthorized disclosure.

·       Integrity – relates to the accuracy and completeness of information as well as to its validity in accordance with the business’ set of values and expectations.

·       Availability – relates to information being available when required by the business process, and hence also concerns the safeguarding of resources.

·       Compliance – deals with complying with those laws, regulations and contractual arrangements to which the business process is subject; i.e., externally imposed business criteria. This essentially means that systems need to operate within the ambit of rules, regulations and/or conditions of the organization.

·       Reliability of information