IT Auditing: Using Controls to Protect Information Assets, Second Edition
will tend to focus on those larger applications that support critical business processes, but each application will need to be considered individually when you perform risk ranking and determine what to audit. Each application has its own control nuances, depending on the business process it supports, the programming language that was used to develop it, and the technology platform(s) on which it resides (for example, the database management system, middleware, and operating system used). Although it is not realistic to provide detailed test steps and checklists for every possible permutation of an application, this chapter provides guidance on control concepts that are common to almost all applications and that can be used to generate thoughts and ideas regarding audit test steps more specific to the application being audited.
Staying on top of every new technology that attaches itself to your environment is tough. It's our job as auditors to drill down quickly into new or existing applications to find potential control weaknesses. We will therefore discuss how to examine applications conceptually using big-picture and abstract frameworks. We also will suggest a comprehensive set of checklists that will greatly assist you in covering the vast majority of common control weaknesses.
NOTE: Chapter 8 contains test steps specific to auditing web-based applications, which can be used in conjunction with the standard application auditing test steps in this chapter.
Application Auditing Essentials
In a perfect scenario, you have a perfect audit program that you can apply quickly to your perfect application. However, although the test steps in this chapter will serve as a great starting point, in reality you're often faced with new ideas and approaches for solving business problems with new technology, all of which get bundled together to create a unique application that requires a unique audit program. As you struggle with the questions to ask, you will find the following frameworks and best practices helpful.
Generalized frameworks are useful in meetings when you've been put on the spot to come up with questions and possible risks associated with an application. You might even find yourself walking into a meeting, taking out a blank sheet of paper, and writing PPTM, STRIDE, and PDIO (as explained in the following sections) at the top before the meeting starts. Then, as you discuss the application or project under review, you can ask questions about, and make note of, how each element of each framework is being addressed. At the end of the meeting, if you find blanks by any of the framework elements, it's possible that you've discovered a gap in the controls. This sort of quick-and-dirty thought process should never take the place of detailed and thorough testing, of course, but it can be very useful when you're participating in initial discussions and consulting on controls.
13: Auditing Applications
People, processes, tools, and measures (PPTM) is a great brainstorming framework for examining an application from the macro level. Detailed, specific technical review steps dominate this chapter. PPTM helps you to come up with your own steps quickly and efficiently as they apply to your unique situation.
People
People in PPTM describes every aspect of the application that deals with a human. For example, if you have the opportunity to provide input during application development, ensure that the right people are involved in the planning, design, implementation, or operations for the project and that the right stakeholders are involved. If the application involves end users, ensure that the application has controls around provisioning and deprovisioning access and that the end users have been involved in the components with which they will ultimately interface. Little is more embarrassing than spending time and money rolling out an application, just to find out that upper management doesn't approve it or that the end users find that the interface is too complicated to use.
Process
Process in PPTM describes every aspect of the application that is involved in a policy, procedure, method, or course of action. Review the interaction of the application with interfacing systems and verify compliance in security models. (For example, ensure that firewalls are in place to protect the application from external applications, users, business partners, and the like.) Procedures and policies should be written to support how the application is intended to be used. Adequate documentation also should exist to support technicians who need to maintain the application.
Tools
Tools in PPTM describe every aspect of the application that deals with a concrete technology or product. Ensure that the appropriate hardware and environment exist to support the application and that the application interfaces with recommended technologies appropriate to your intended policies and procedures. Verify that the application and infrastructure are tested and audited appropriately.
Measures
Measures in PPTM describe every aspect of the application that is quantifiable conceptually, such as the business purpose or application performance. For example, you can verify that the application meets well-documented and well-thought-out acceptance criteria. If the application is intended to solve a quantifiable business problem, verify that it does indeed solve that problem. Verify that logs are meaningful and that you can measure the performance of the application.