Sunday, September 8, 2019

How Should Organizational Information Systems Be Audited for Security Essay

(U. S. General Accounting Office; Mandol and Verma; Cert-In; Stanford University; Davis). At present, businesses should take a number of steps to formulate or improve an IS security audit facility. For instance, organizations must clearly outline their business goals and aims. After that, the business should evaluate its own information security audit readiness. This kind of evaluation requires organizations to recognize a variety of matters such as reporting limitations, legal problems, the audit situation, security and safety vulnerabilities, abilities, automated tools and associated costs. Additionally, it is essential for organizations to plan how to decide which information systems security audit projects should be performed, for instance both stand-alone information system security audit projects and those projects that require support from the information systems security audit capability. Thus, when the planning stage is successfully completed, businesses should be able to connect the aims and objectives selected in the initial phase to the tasks required for their completion. Throughout the process, businesses should also not ignore the resources that exist on the Web intended for research and training (U. S. General Accounting Office; Mandol and Verma; Cert-In; Stanford University; Davis). Moreover, deciding on an organization's aims and objectives for developing or improving an information systems security audit capability will support it in determining and understanding the varieties of skills, tools and training required to carry out this process.
In this scenario, it is essential for organizations to define objectives and aims early, without initially considering how and by whom those aims and objectives would be met (for instance, whether organization resources would be contractor, in-house, shared staff or a combination of these). In addition, establishing temporary milestones will help the organization achieve its desired policy in stages. Additionally, while constructing an information systems security audit capability, administration should review the organization's information systems security audit readiness, keeping in mind the applicable issues. In this scenario, establishing a baseline by recognizing strengths and weaknesses will help an organization choose the best way to proceed (U. S. General Accounting Office; Mandol and Verma; Cert-In; Stanford University; Davis). Moreover, the process of tackling information security risks varies and depends on the nature of the processing carried out by the business and the sensitivity of the data and information being processed. However, to judge these issues and risks fully, the auditor should thoroughly understand the business's computer operations and major applications. In this scenario, a most important part of planning to produce or improve a successful information systems security audit capability can encompass activities such as assessing the present staff's skills, knowledge and capabilities to decide what the audit capability is at present and what knowledge
