The main objective of a general IT security audit, which might align with some of the common standards, is to discover any security-related gaps in processes, technologies and people. A general IT security audit primarily consists of the following 4 functions:
1) IT General Controls Audit: This function covers generally accepted controls across all information systems implementations. This might include systems development, systems operation, maintenance of systems and support.
2) Application Controls Audit: This function is focused on the particular application(s) in scope. This might include evaluating the input, processing and output controls of that particular application or software. In addition, communication, change control and issues related to the integrity and quality of data will also be considered during this type of Application Controls audit.
3) Systems Development Audit: This function covers software or systems development, ranging from requirements gathering to the final product in production systems. Of particular interest in such a situation are change management and super user review.
4) Integrated Audit: This function involves working with other auditors in the organization including financial, performance and operational auditors.
databracket’s General IT Audit framework covers the following:
- Overview of Systems and Applications that Handle or Store Organization Information
- Information Security Policy & Supporting Standards
- Organization of Information Security
- Logical Access Control
- Operations Management
- Information Systems Acquisition, Development and Maintenance
- Physical Security
databracket’s certified privacy and security professionals can help your organization comply with the requirement in the most efficient and cost-effective way.
Our deliverables include, but are not limited to:
- Assessment Report
- Staff Training
- Customized Policies and Procedures