Paper Example of Information Security Audit Literature Review

Published: 2022-12-18
Type of paper: Literature review
Categories: Information technologies, Audit, Cyber security
Pages: 4
Wordcount: 857 words

Control has become critical in every organisation and across its various departments. The use of technology also creates a need for control, which is where the information technology security audit comes in (Stallings et al. 2012, pg978). Its relevance, the people involved and the process of the information technology security audit have all been discussed. The high rate of change in technology necessitates this action.


In the past, people could easily get away with fraud and with mishandling information and other technical items in the workplace. The introduction of the IT security audit, which involves manual and precisely measured technical assessments, has proved to reduce these dangers (Herath et al. 2014, pg56).

In the days of minicomputers and mainframe computers, which ran large-scale, single-vendor, custom software for companies such as Hewlett Packard, this audit was a primary factor, as seen in their current success (Jaferian et al. 2014, pg345). Commercial off-the-shelf software and software components have since replaced custom software and hardware because they are more cost-effective.

Traditionally, logging as a security feature was done by sending a message. The messages carried information that was assumed to serve a security purpose for the device and was known only to the developer, who most of the time is not responsible for computer and network security (Acar et al. 2017, pg24). The procedure the audit follows thus depends on the developer, since every person has their own level of creativity in generating security logs, and it therefore would not be the same for different applications (Kanatov, Atymtayeva & Yagaliyeva, 2015, pg897).

Currently, the majority of operating systems in use are Microsoft Windows, Mac OSX, Solaris and FreeBSD (Lubis & Siahaan, 2016, pg43). Unlike the old ones, these operating systems make use of standard security development criteria. Because these are the most widely used systems, audit records for most systems are almost universal in structure. The software security reviews currently in use for these systems include OpenXDAS and the Bandit project (Asmussen et al. 2016, pg200).

Consider also that the security audit distinguishes between general controls and application controls. General control involves the audit of all technical infrastructure and is not limited to information technology (Rasheed, 2014, pg365). Application control, on the other hand, involves the transactions and data within the computer application system. These are also some of the factors that guide the outline of the IT security audit report.

Even where there is an audit team with an excellent reporting system, the auditor's value-added skill should be ploughed into the process through the interpretation of the audit results (Steinbart et al. 2018, pg25). The goal of each of these audits is to reflect the organisation's risk, especially that of the operating systems. This is because audit tools may lack analytical insight and often give false or inaccurate interpretations of results (Goodman, Straub & Baskerville, 2016, pg167). This also follows from the fact that it is better to prevent risk than to repair the damage. Regulatory compliance may become a challenge in the absence of a single comprehensive and integrated approach to the information technology security audit.

The importance of this research paper is that it will give an insight into the definition and importance of information technology, the people who are involved in the audit, the need for these audits and the procedures that are followed in the auditing process. The data that will be collected can be presented to other interested teams who may want to do further research on the same topic.


Acar, Y., Stransky, C., Wermke, D., Weir, C., Mazurek, M.L. and Fahl, S., 2017, September. Developers need support, too: A survey of security advice for software developers. In 2017 IEEE Cybersecurity Development (SecDev) (pp. 22-26). IEEE.

Asmussen, N., Volp, M., Nothen, B., Hartig, H. and Fettweis, G., 2016. M3: A hardware/operating-system co-design to tame heterogeneous many cores. ACM SIGOPS Operating Systems Review, 50(2), pp.189-203.

Goodman, S., Straub, D.W. and Baskerville, R., 2016. Information security: policy, processes, and practices. Routledge. pp.121-180.

Herath, H.S. and Herath, T.C., 2014. IT security auditing: A performance evaluation decision model. Decision Support Systems, 57, pp.54-63.

Jaferian, P., Hawkey, K., Sotirakopoulos, A., Velez-Rojas, M. and Beznosov, K., 2014. Heuristics for evaluating IT security management tools. Human-Computer Interaction, 29(4), pp.311-350.

Kanatov, M., Atymtayeva, L. and Yagaliyeva, B., 2014, December. Expert systems for information security management and audit. Implementation phase issues. In 2014 Joint 7th International Conference on Soft Computing and Intelligent Systems (SCIS) and 15th International Symposium on Advanced Intelligent Systems (ISIS) (pp. 896-900). IEEE.

Lubis, A. and Siahaan, A.P.U., 2016. Network Forensic Application in General Cases. IOSR J. Comput. Eng, 18(6), pp.41-44.

Rasheed, H., 2014. Data and infrastructure security auditing in cloud computing environments. International Journal of Information Management, 34(3), pp.364-368.

Stallings, W., Brown, L., Bauer, M.D. and Bhattacharjee, A.K., 2012. Computer security: principles and practice (pp. 978-0). Upper Saddle River, NJ: Pearson Education.

Steinbart, P.J., Raschke, R.L., Gal, G. and Dilla, W.N., 2018. The influence of a good relationship between the internal audit and information security functions on information security outcomes. Accounting, Organizations and Society, 71, pp.15-29.
