Auditing the IT security function

被引:7
|
作者
Osborne, K [1 ]
机构
[1] ICL, Bracknell RG12 8SN, Berks, England
来源
COMPUTERS & SECURITY | 1998年 / 17卷 / 01期
关键词
D O I
10.1016/S0167-4048(97)80248-9
中图分类号
TP [自动化技术、计算机技术];
学科分类号
0812 ;
摘要
The audit of the IT security function is the same as the audit of any other line function. A number of aspects should be examined. The first is to see whether the IT security function's approach is aligned with the five key pointers for effectiveness. From the management perspective, it is should be determined whether the IT security function is effectively communicating IT security policies and requirements to the organization as a whole. On the technical side, the IT security function's responsibilities for security products, both hardware and software should be examined. It must also be seen how effectively the function has defined its requirements, evaluated and selected products, and implemented them. Also, the public face of the IT security function should be examined to see how outward facing the function is. Finally, aspects such as internal controls, cost-effectiveness and value-for-money should be considered.
引用
收藏
页码:34 / 41
页数:8
相关论文
共 50 条
  • [41] ATTEST FUNCTION OR ASSURANCE FUNCTION - AUDITING AT CROSSROADS
    CARMICHA.DR
    JOURNAL OF CONTEMPORARY BUSINESS, 1974, 3 (03): : 53 - 68
  • [42] Wireless Security Auditing: Attack Vectors and Mitigation Strategies
    Devi, Aarthy A.
    Mohan, Ashok Kumar
    Sethumadhavan, M.
    7TH INTERNATIONAL CONFERENCE ON ADVANCES IN COMPUTING & COMMUNICATIONS (ICACC-2017), 2017, 115 : 674 - 682
  • [43] SECURITY AUDITING OF INTERNET OF THINGS DEVICES IN A SMART HOME
    Majumdar, Suryadipta
    Bastos, Daniel
    Singhal, Anoop
    ADVANCES IN DIGITAL FORENSICS XVII, 2021, 612 : 213 - 234
  • [44] A Hierarchical Security-Auditing Methodology for Cloud Computing
    Han, Zhuobing
    Li, Xiaohong
    Stroulia, Eleni
    2015 IEEE 12TH INTERNATIONAL CONFERENCE ON SERVICES COMPUTING (SCC 2015), 2015, : 202 - 209
  • [45] On the Security of an Efficient Dynamic Auditing Protocol in Cloud Storage
    Ni, Jianbing
    Yu, Yong
    Mu, Yi
    Xia, Qi
    IEEE TRANSACTIONS ON PARALLEL AND DISTRIBUTED SYSTEMS, 2014, 25 (10) : 2760 - 2761
  • [46] Security enhancement of an auditing scheme for shared cloud data
    Rabaninejad, Reyhaneh
    Attari, Mahmoud Ahmadian
    Asaar, Maryam Rajabzadeh
    Aref, Mohammad Reza
    INTERNATIONAL JOURNAL OF INTERNET PROTOCOL TECHNOLOGY, 2022, 15 (01) : 60 - 68
  • [47] Physical Security Auditing for Utilities: A Guide to Resilient Substation
    Mahato, Nawaraj Kumar
    Yang, Jiaxuan
    Yang, Junfeng
    Gong, Gangjun
    Hao, Jianhong
    SAFETY, 2024, 10 (03)
  • [48] An Efficient Auditing Scheme for Data Storage Security in Cloud
    Agarkhed, Jayashree
    Ashalatha, R.
    PROCEEDINGS OF 2017 IEEE INTERNATIONAL CONFERENCE ON CIRCUIT ,POWER AND COMPUTING TECHNOLOGIES (ICCPCT), 2017,
  • [49] Cloud Security Auditing: Major Approaches and Existing Challenges
    Suryadipta, Majumdar
    Madi, Taous
    Jarraya, Yosr
    Pourzandi, Makan
    Wang, Lingyu
    Debbabi, Mourad
    FOUNDATIONS AND PRACTICE OF SECURITY, FPS 2018, 2019, 11358 : 61 - 77
  • [50] Standards and Frameworks for Information System Security Auditing and Assurance
    Spremic, Mario
    WORLD CONGRESS ON ENGINEERING, WCE 2011, VOL I, 2011, : 514 - 519
12345