Related Research Articles
Configuration management (CM) is a systems engineering process for establishing and maintaining consistency of a product's performance, functional, and physical attributes with its requirements, design, and operational information throughout its life. The CM process is widely used by military engineering organizations to manage changes throughout the system lifecycle of complex systems, such as weapon systems, military vehicles, and information systems. Outside the military, the CM process is also used with IT service management as defined by ITIL, and with other domain models in the civil engineering and other industrial engineering segments such as roads, bridges, canals, dams, and buildings.
An audit is an "independent examination of financial information of any entity, whether profit oriented or not, irrespective of its size or legal form when such an examination is conducted with a view to express an opinion thereon." Auditing also attempts to ensure that the books of accounts are properly maintained by the concern as required by law. Auditors consider the propositions before them, obtain evidence, roll forward prior year working papers, and evaluate the propositions in their auditing report.
A financial audit is conducted to provide an opinion whether "financial statements" are stated in accordance with specified criteria. Normally, the criteria are international accounting standards, although auditors may conduct audits of financial statements prepared using the cash basis or some other basis of accounting appropriate for the organization. In providing an opinion whether financial statements are fairly stated in accordance with accounting standards, the auditor gathers evidence to determine whether the statements contain material errors or other misstatements.
Windows Update is a Microsoft service for the Windows 9x and Windows NT families of the Microsoft Windows operating system, which automates downloading and installing Microsoft Windows software updates over the Internet. The service delivers software updates for Windows, as well as the various Microsoft antivirus products, including Windows Defender and Microsoft Security Essentials. Since its inception, Microsoft has introduced two extensions of the service: Microsoft Update and Windows Update for Business. The former expands the core service to include other Microsoft products, such as Microsoft Office and Microsoft Expression Studio. The latter is available to business editions of Windows 10 and permits postponing updates or receiving updates only after they have undergone rigorous testing.
Deloitte Touche Tohmatsu Limited, commonly referred to as Deloitte, is a British multinational professional services network. Deloitte is the largest professional services network by revenue and number of employees in the world and is considered one of the Big Four accounting firms, along with EY, KPMG, and PwC.
In computing, security-evaluated operating systems have achieved certification from an external security-auditing organization, the most popular evaluations are Common Criteria (CC) and FIPS 140-2.
An information technology audit, or information systems audit, is an examination of the management controls within an Information technology (IT) infrastructure and business applications. The evaluation of evidence obtained determines if the information systems are safeguarding assets, maintaining data integrity, and operating effectively to achieve the organization's goals or objectives. These reviews may be performed in conjunction with a financial statement audit, internal audit, or other form of attestation engagement.
Computer-assisted audit tool (CAATs) or computer-assisted audit tools and techniques (CAATTs) is a growing field within the IT audit profession. CAATs is the practice of using computers to automate the IT audit processes. CAATs normally include using basic office productivity software such as spreadsheets, word processors and text editing programs and more advanced software packages involving use statistical analysis and business intelligence tools. But also more dedicated specialized software are available.
Information technology controls are specific activities performed by persons or systems to ensure that computer systems operate in a way that minimises risk. They are a subset of an organisation's internal control. IT control objectives typically relate to assuring the confidentiality, integrity, and availability of data and the overall management of the IT function. IT controls are often described in two categories: IT general controls (ITGC) and IT application controls. ITGC includes controls over the hardware, system software, operational processes, access to programs and data, program development and program changes. IT application controls refer to controls to ensure the integrity of the information processed by the IT environment. Information technology controls have been given increased prominence in corporations listed in the United States by the Sarbanes-Oxley Act. The COBIT Framework is a widely used framework promulgated by the IT Governance Institute, which defines a variety of ITGC and application control objectives and recommended evaluation approaches.
An information security audit is an audit of the level of information security in an organization. It is an independent review and examination of system records, activities, and related documents. These audits are intended to improve the level of information security, avoid improper information security designs, and optimize the efficiency of the security safeguards and security processes. Within the broad scope of auditing information security there are multiple types of audits, multiple objectives for different audits, etc. Most commonly the controls being audited can be categorized as technical, physical and administrative. Auditing information security covers topics from auditing the physical security of data centers to auditing the logical security of databases, and highlights key components to look for and different methods for auditing these areas.
A system profiler is a program that can provide detailed information about the software installed and hardware attached to a computer. Typically workstations and personal computers have had system profilers as a common feature since the mid-1990s.
A software audit review, or software audit, is a type of software review in which one or more auditors who are not members of the software development organization conduct "An independent examination of a software product, software process, or set of software processes to assess compliance with specifications, standards, contractual agreements, or other criteria".
The XTS-400 is a multilevel secure computer operating system. It is multiuser and multitasking that uses multilevel scheduling in processing data and information. It works in networked environments and supports Gigabit Ethernet and both IPv4 and IPv6.
BoundsChecker is a memory checking and API call validation tool used for C++ software development with Microsoft Visual C++. It was created by NuMega in the early 1990s. When NuMega was purchased by Compuware in 1997, BoundsChecker became part of a larger tool suite, DevPartner Studio. Micro Focus purchased the product line from Compuware in 2009. Comparable tools include Purify, Insure++ and Valgrind.
Quality engineering is the discipline of engineering concerned with the principles and practice of product and service quality assurance and control. In software development, it is the management, development, operation and maintenance of IT systems and enterprise architectures with a high quality standard.
Lynis is an extensible security audit tool for computer systems running Linux, FreeBSD, macOS, OpenBSD, Solaris, and other Unix derivatives. It assists system administrators and security professionals with scanning a system and its security defenses, with the final goal being system hardening.
Continuous auditing is an automatic method used to perform auditing activities, such as control and risk assessments, on a more frequent basis. Technology plays a key role in continuous audit activities by helping to automate the identification of exceptions or anomalies, analyze patterns within the digits of key numeric fields, review trends, and test controls, among other activities.
Control self-assessment is a technique developed in 1987 that is used by a range of organisations including corporations, charities and government departments, to assess the effectiveness of their risk management and control processes.
Risk assurance is often associated with accounting practices and is a growing industry whereby internal processes are developed to create a "checks and balances" system. These checks predominantly identify differences between risk appetite and real risk .Business risk refers to factors that can affect the company, both internally and externally. There are various types of business risks: strategic, compliance, financial and operational. Risk assurance aims to mitigate any of these areas. As such, companies can pre-analyse the industry to scout for potential risks or if a risk has already occurred, managers can analyse the problem in an attempt to mitigate the effects.
Audit technology is the use of computer technology to improve an audit. Audit technology is used by accounting firms to improve the efficiency of the external audit procedures they perform.
References
- 1 2 Bosavage, Jennifer (June 7, 2006). "New Service Seeks Out Security Gaps". Dark Reading. United Business Media. TechWeb. Archived from the original on October 25, 2018. Retrieved May 20, 2009.
- 1 2 3 "A Brief History". SekChek. Archived from the original on 3 March 2017. Retrieved 6 November 2018.
- ↑ "IT Security Review Services - SekChek". Deloitte. Archived from the original on February 4, 2007.
- ↑ "Notice of SekChek's closure on 31 May 2018". SekChek. Archived from the original on 5 November 2018. Retrieved 5 November 2018.
- 1 2 "SekChek Provides Independent Reality Check of OS Security" (Press release). Tippit Inc. 27 June 2006. Archived from the original on 3 March 2016.
Independent, objective, and reliable evaluation of a company's computer security is the key deliverable of SekChek
- ↑ "Computer Security Evaluator SekChek Announces Compatibility with Microsoft Windows Vista" (Press release). DABCC. 5 October 2007. Archived from the original on 4 March 2016.
- ↑ "SekChek Marks 10-Year Anniversary, Providing Unique Security Assessment Tools" (Press release). SpecialNoise. 26 June 2007. Archived from the original on 3 March 2016.
- ↑ "Compare Classic Software" (PDF). SekChek Classic. Archived from the original on 3 March 2017.
- ↑ "AD Product Specifications" (PDF). SekChek Local. Archived (PDF) from the original on 3 March 2017.
- ↑ "SAM Product Specifications" (PDF). SekChek Local. Archived (PDF) from the original on 3 March 2017.
- ↑ Kearns, Dave (10 May 2006). "SekChek evaluates security". Network World . International Data Group. Archived from the original on 2 April 2012. Retrieved 20 May 2009.
- "Audit Programs & ICQs". isaca.org. Archived from the original (Fee required) on 2007-07-11. Retrieved 2018-12-13.
- "Annual Specialist IT Audit Activity Report 2004/5" (PDF). LB Bromley Internal Audit Report. November 2006. Archived from the original (PDF) on 2011-08-27. Retrieved 2009-05-20.
- Carroll, Mariana (November 2006). "An Information Systems Auditor's Profile" (PDF). UNISA Dissertation.
These reports can be used to identify weaknesses as well as risk ratings and suggested corrective actions. These statements are supported by Mookhey (2004) when he asserts that "the use of these tools for security auditing is prevalentand driven mainly by the inherent complexity within information systems.
[ dead link ]