
Auditing the IT Security Function: An Effective Framework

3483 words - 14 pages

Introduction

As businesses have come to depend heavily on their information systems over the last half century, keeping those systems in a fit state to run has become paramount. Not only is good, reliable Electronic Data Processing vital, but an increasingly important part of the equation involves the IT Security Function. Without secure information systems a company is vulnerable to exploits from outside as well as within. In recognition of this, ways of measuring and monitoring the effectiveness of security controls and systems have been developed into internationally recognised standards, providing a valuable tool for Auditing the IT Security Function. Convincing management that the audit process is necessary to maintain good security is perhaps one of the main hurdles preventing good auditing practices from being adopted. There are, however, convincing arguments to help persuade those in control of budgets that they need to take responsibility for adequate security.

The Role of IT Security

The information age went international in the 1980s. However, a series of corresponding security weaknesses came with it. For example, electronic mail is widely used in today's daily life and business, yet a virus on one computer connected to many others in a honeycomb arrangement may affect another, as the extent to which they are interconnected is usually unknown (Shain, 1996). Therefore, information security is increasingly required to take on a vital role in networks.

As Shain (1996) points out, security is a wide concept; it is a separate subject with its own theories, "which focus on the process of attack and on preventing, detecting and recovering from attacks". Certainly, these processes should be well organized in coping with complex system issues. A coherent approach should be taken, which builds on established security standards, procedures and documentation.
In fact, "the activities of the IT security function are varying in accordance with the criteria of size and sector" (Osborne, 1998). There are a number of core activities, including:

Standards, procedures and documentation.
IT security policy creation and maintenance.
Maintenance of capability.
Risk assessment.
Education and awareness.

Firstly, "The most widely recognized security standard is ISO 17799" (Information Security Policy World, 2001). A comprehensive analysis of security problems can be found in ISO 17799, followed by a large number of control requirements, although some of them seem quite difficult to put into practice. ISO 17799 covers different topics in its ten major sections. Next, two more important topics will be emphasized: policy and system maintenance. The IT security policy, like other policies of organizations or government, provides a guideline for action. The security policy will help companies achieve success in three ways (Dorey, 1996). Most importantly, security requirements for the corporation are...
