- Unbound
- Publisher: John Wiley & Sons (April 2003)
- ISBN-10: 0471466298
- ISBN-13: 978-0471466291
- See Complete Table of Contents
| |||||||||||||||
Did you know you can trade in your old books for an Amazon.co.uk Gift Card to spend on the things you want? Visit the Amazon.co.uk Trade-In Store for more details. |
Product details |
More About the Author
Product Description
Product Description
Have you been asked to perform an information systems audit and don′t know where to start? Examine a company′s hardware, software, and data organization and processing methods to ensure quality control and security with this easy, practical guide to auditing computer systems––the tools necessary to implement an effective IS audit. In nontechnical language and following the format of an IS audit program, you′ll gain insight into new types of security certifications (e.g., TruSecure, CAP SysTrust, CPA WebTrust) as well as the importance of physical security controls, adequate insurance, and digital surveillance systems.
Order your copy today! --This text refers to the Hardcover edition.
From the Inside Flap
Increasingly, auditors, information security professionals, managers, and audit committees are being called upon to assess the risks and evaluate the controls over computer information systems in all types of organizations. However, many of these stakeholders are unfamiliar with the techniques they can use to efficiently and effectively determine whether information systems are adequately protected. Auditing Information Systems, Second Edition presents an easy, practical guide to auditing information systems that can be applied to all computing environments.
With the Second Edition of this popular resource, auditors will be able to examine an organization’s hardware, software, data protection, and processing methods to ensure that adequate controls and security are in place. Little in the way of prerequisite technical know–how is required. Author Jack Champlain begins by explaining the basics of any computer system–the central processing unit, operating system, and application system–giving every auditor the tools needed to begin an audit. This is followed by a step–by–step approach for conducting information systems audits, detailing specific procedures that auditors can readily apply to their own organizations. The Second Edition devotes special attention to the issues of most concern to information managers today. It provides over 80 case studies that demonstrate how concepts can be applied in real–world situations. Chapter topics include:
- Information systems audit approach (physical, logical, environmental security)
- Security certifications such as SAS 70, TruSecure, CPA SysTrust, and WebTrust
- Computer forensics
- E–commerce and Internet security (including encryption and cryptography)
- Information privacy laws and regulations
- Information systems project management controls
- New technologies and future risks
As networks and enterprise resource planning (ERP) systems bring resources together, and as increasing privacy violations and international political volatility threaten more organizations, information systems integrity becomes more important than ever. Auditing Information Systems, Second Edition empowers auditors, information security professionals, managers, and audit committees to effectively gauge the adequacy and effectiveness of information systems controls. --This text refers to the Hardcover edition.
Tag this product(What's this?)Think of a tag as a keyword or label you consider is strongly related to this product.
Tags will help all customers organise and find favourite items. |
Sell a Digital Version of This Book in the Kindle Store
If you are a publisher or author and hold the digital rights to a book, you can sell a digital version of it in our Kindle Store.
Learn more
Customer Reviews
There are no customer reviews yet on Amazon.co.uk.
5 star
4 star
3 star
2 star
1 star
Most Helpful Customer Reviews on Amazon.com (beta)
Amazon.com:
3 reviews
10 of 10 people found the following review helpful
Good introduction and overview of IS audit
5 April 2004
Format:Hardcover
This is a readable and current introduction to information systems auditing from a qualified and experienced IS auditor.
The book consists of three parts. Part One introduces core information systems concepts and is aimed at readers without much background in IS; Part Two introduces IS audit itself, and Part Three discusses some additional concepts and issues, such as control self-assessment and the human factor. Case studies are extensively used throughout the book to illustrate concepts, approaches and procedures discussed in the text.
While the author is writing from a US perspective and has US work experience, references to British, Canadian, and Australian standards, qualifications and practices are included. One of the good characteristics of this book is its readability and easy flow of information, unlike many other works in this field.
I haven't given this book five stars because in my opinion its coverage of "information systems" is somewhat limited compared with the coverage of "auditing". So if you are looking for a detailed technical volume on information systems auditing, look elsewhere; this book gives a well-rounded non-technical introduction to information systems auditing and does it well.
The book consists of three parts. Part One introduces core information systems concepts and is aimed at readers without much background in IS; Part Two introduces IS audit itself, and Part Three discusses some additional concepts and issues, such as control self-assessment and the human factor. Case studies are extensively used throughout the book to illustrate concepts, approaches and procedures discussed in the text.
While the author is writing from a US perspective and has US work experience, references to British, Canadian, and Australian standards, qualifications and practices are included. One of the good characteristics of this book is its readability and easy flow of information, unlike many other works in this field.
I haven't given this book five stars because in my opinion its coverage of "information systems" is somewhat limited compared with the coverage of "auditing". So if you are looking for a detailed technical volume on information systems auditing, look elsewhere; this book gives a well-rounded non-technical introduction to information systems auditing and does it well.
1 of 1 people found the following review helpful
Audit support
6 Jun 2009
Format:Hardcover
5 years ago I was asked to help internal auditors with a helpful audit program, so I decided to do some research and purchased this book over the internet.
I am not a professional reviewer, I lack the tactfulness to state my feelings about a book without offending at least the author. Well, here it is in a single statement - do not buy this book! -
It is too expensive for a new auditor and too basic for a seasoned auditor who should know about most of the points made in the book.
First chapter the author felt the urge to explain computers and used the term CPU, a box containing hardware. The original 1946 EDVAC may have been called a CPU. The author continues ..."there are thousands of them" what a joke. and if you keep reading how he explains memory you will start laughing uncontrollably " the more memory you have the more applications you can run" .
There are some good points made and planty of case studies but I ended up using articles I found on the internet for a great audit program based on BS7799.
I would recommend, reading books about ISO 2700x for creating great audits.
I am not a professional reviewer, I lack the tactfulness to state my feelings about a book without offending at least the author. Well, here it is in a single statement - do not buy this book! -
It is too expensive for a new auditor and too basic for a seasoned auditor who should know about most of the points made in the book.
First chapter the author felt the urge to explain computers and used the term CPU, a box containing hardware. The original 1946 EDVAC may have been called a CPU. The author continues ..."there are thousands of them" what a joke. and if you keep reading how he explains memory you will start laughing uncontrollably " the more memory you have the more applications you can run" .
There are some good points made and planty of case studies but I ended up using articles I found on the internet for a great audit program based on BS7799.
I would recommend, reading books about ISO 2700x for creating great audits.
1 of 1 people found the following review helpful
Baby steps laid!
22 Jun 2008
Format:Hardcover|Amazon Verified Purchase
An organised and easy to read book.
Champlain has written the book such that it meets the needs of 2 classes of readers; an auditor who has no experience in auditing an information system and someone who is familiar with information systems and is interested to know and understand the auditing process in their areas.
The book is organised into 3 sections: Core Concepts, Standard information system audit approach and Contemporary information systems auditing concept.
In Core Concepts, Champlain introduced the auditor to the basic architecture of information systems and how information systems are generally organised and structured.
In Standard information system audit approach, Champlain lead the auditor through the common areas that an auditor should cover to assess the adequacy of the information systems' controls to prevent unauthorised access and accidental or intentional destruction of programs. Champlain provides explanation on why these areas should be evaluated and helps readers working with information systems understand the rationale for the audit approach. Champlain shared with the readers numerous examples on control weaknesses over physical and logical accesses. However, I found the section on assessing the financial stability of vendor organisation could be further improved.
In Contemporary Information Systems auditing concept, Champlain introduced the reader to the control self-assessment and the 6 internal audit frameworks; COSO, CoCo, Cobit, SAC, eSAC and SASs 55/78/94. The concept and various approaches for Control Self Assessment for IS was introduced. In the chapter on cryptography, Champlain highlighted that encryption, hashing and digital signatures support a secure electronic message and are essential for the electronic commerce transactions.
Champlain provided a brief introduction to computer forensics and other contemporary computer challenges such as computer assisted audit techniques, computer viruses, software piracy and internet security. As part of professional enhancement, Champlain provided the reader with a list of available professional associations that provide and confer professional accreditations. In the final chapter, Champlain shared with the readers a methodology for Information System Project Management.
As an introductory to information system audit, this book earns high marks. However, if you are experienced information system auditors, this book is useful only as a refresher on some of the common information system controls.
Champlain has written the book such that it meets the needs of 2 classes of readers; an auditor who has no experience in auditing an information system and someone who is familiar with information systems and is interested to know and understand the auditing process in their areas.
The book is organised into 3 sections: Core Concepts, Standard information system audit approach and Contemporary information systems auditing concept.
In Core Concepts, Champlain introduced the auditor to the basic architecture of information systems and how information systems are generally organised and structured.
In Standard information system audit approach, Champlain lead the auditor through the common areas that an auditor should cover to assess the adequacy of the information systems' controls to prevent unauthorised access and accidental or intentional destruction of programs. Champlain provides explanation on why these areas should be evaluated and helps readers working with information systems understand the rationale for the audit approach. Champlain shared with the readers numerous examples on control weaknesses over physical and logical accesses. However, I found the section on assessing the financial stability of vendor organisation could be further improved.
In Contemporary Information Systems auditing concept, Champlain introduced the reader to the control self-assessment and the 6 internal audit frameworks; COSO, CoCo, Cobit, SAC, eSAC and SASs 55/78/94. The concept and various approaches for Control Self Assessment for IS was introduced. In the chapter on cryptography, Champlain highlighted that encryption, hashing and digital signatures support a secure electronic message and are essential for the electronic commerce transactions.
Champlain provided a brief introduction to computer forensics and other contemporary computer challenges such as computer assisted audit techniques, computer viruses, software piracy and internet security. As part of professional enhancement, Champlain provided the reader with a list of available professional associations that provide and confer professional accreditations. In the final chapter, Champlain shared with the readers a methodology for Information System Project Management.
As an introductory to information system audit, this book earns high marks. However, if you are experienced information system auditors, this book is useful only as a refresher on some of the common information system controls.
Were these reviews helpful?
Let us know
Listmania!
Look for similar items by category
Look for similar items by subject
Feedback
- Would you like to update product info or give feedback on images?
- I am the Author, and I want to comment on my book.
- I am the Publisher, and I want to comment on this book.
