SlideShare una empresa de Scribd logo

IT Audit methodologies

Descargar como PPT, PDF
G
genetics
Tecnología
1 de 65
IT Audit Methodologies IT Audit Methodologies
IT Audit Methodologies ,[object Object],[object Object],[object Object],[object Object],[object Object]
IT Audit Methodologies - URLs ,[object Object],[object Object],[object Object],[object Object],[object Object]
Main Areas of Use ,[object Object],[object Object],[object Object],[object Object],[object Object]
Security Definition ,[object Object],[object Object],[object Object],[object Object],[object Object]
CobiT ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
CobiT - Model for IT Governance ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
CobiT - Framework
CobiT - Structure ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
PO - Planning and Organisation ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
AI - Acquisition and Implementation ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
DS - Delivery and Support ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
M - Monitoring ,[object Object],[object Object],[object Object],[object Object]
CobiT - IT Process Matrix ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],IT Processes
CobiT - Summary ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
CobiT - Summary ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
BS 7799 - CoP ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
BS 7799 - Security Baseline Controls ,[object Object],[object Object],[object Object],[object Object]
BS 7799 - Control Categories ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
BS 7799 - Control Categories ,[object Object],[object Object],[object Object],[object Object]
BS7799 - 10 Key Controls ,[object Object],[object Object],[object Object],[object Object],[object Object]
BS7799 - 10 Key Controls ,[object Object],[object Object],[object Object],[object Object],[object Object]
BS7799 - Summary ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
BS7799 - Summary ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
BSI (Bundesamt für Sicherheit in der Informationstechnik) ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
BSI - Approach
BSI - Approach ,[object Object],[object Object],[object Object],[object Object]
BSI - Structure ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
BSI - Security Measures (Modules) ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
BSI - Generic Components ,[object Object],[object Object],[object Object],[object Object]
BSI - Infrastructure ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
BSI - Non-Networked Systems ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
BSI - LANs ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
BSI - Data Transfer Systems ,[object Object],[object Object],[object Object],[object Object]
BSI - Telecommunications ,[object Object],[object Object],[object Object],[object Object]
BSI - Other IT Components ,[object Object],[object Object],[object Object]
BSI - Module „Data Protection“ (3.4) ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
BSI - Safeguards (420 safeguards) ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
BSI - S1-Infrastructure (45 safeguards) ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
BSI - Security Threats (209 threats) ,[object Object],[object Object],[object Object],[object Object],[object Object]
BSI - T3-Human Errors (31 threats) ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
BSI - Summary ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
BSI - Summary ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
ITSEC, Common Criteria ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
ITSEC, Common Criteria ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
ITSEC - Methodology ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
ITSEC - Functionality ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
ITSEC - Assurance ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
CC - Security Concept
CC - Evaluation Goal
CC - Documentation CC Part 1 Introduction and Model ,[object Object],[object Object],[object Object],CC Part 2 Functional Requirements ,[object Object],[object Object],[object Object],[object Object],CC Part 3 Assurance Requirements ,[object Object],[object Object],[object Object],[object Object],[object Object]
CC - Security Requirements ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
CC - Security Functional Classes Name Audit Communications Cryptographic Support User Data Protection Identification & Authentication Security Management Privacy Protection of TOE Security Functions Resource Utilization TOE (Target Of Evaluation) Access Trusted Path / Channels Class FAU FCO FCS FDP FIA FMT FPR FPT FRU FTA FTP
CC - Security Assurance Classes Name Configuration Management Delivery & Operation Development Guidance Documents Life Cycle Support Tests Vulnerability Assessment Protection Profile Evaluation Security Target Evaluation Maintenance of Assurance Class ACM ADO ADV AGD ALC ATE AVA APE ASE AMA
CC - Eval. Assurance Levels (EALs) *TCSEC = “Trusted Computer Security Evaluation Criteria” --”Orange Book” Name Functionally Tested Structurally Tested Methodically Tested & Checked Methodically Designed, Tested & Reviewed Semiformally Designed & Tested Semiformally Verified Design & Tested Formally Verified Design & Tested EAL EAL1 EAL2 EAL3 EAL4 EAL5 EAL6 EAL7 *TCSEC C1 C2 B1 B2 B3 A1
ITSEC, CC - Summary ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Comparison of Methods - Criteria ,[object Object],[object Object],[object Object],[object Object],[object Object]
Comparison of Methods - Criteria ,[object Object],[object Object],[object Object],[object Object],[object Object]
Comparison of Methods - Results CobiT 3.4 3.3 2.7 2.8 3.3 3.1 1.9 3.0 3.1 2.3 Standardisation Independence Certifyability Applicability in practice Adaptability Extent of Scope Presentation of Results Efficiency Update frequency Ease of Use BS 7799 3.3 3.6 3.3 3.0 2.8 2.9 2.2 2.8 2.4 2.7 BSI 3.1 3.5 3.0 3.1 3.3 2.7 2.6 3.0 3.4 2.8 ITSEC /CC 3.9 3.9 3.7 2.5 3.0 2.6 1.7 2.5 2.8 2.0 Scores between 1 (low) and 4 (high) - Scores for CobiT, BS7799, BSI from ISACA Swiss chapter; score for ITSEC/CC form H.P. Winiger
CobiT - Assessment
BS 7799 - Assessment
BSI - Assessment
ITSEC/CC - Assessment
Use of Methods for IT Audits ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Herzlichen Dank für Ihr Interesse an IT Audit Methodologies

Recomendados

IT Audit For Non-IT Auditors
IT Audit For Non-IT AuditorsIT Audit For Non-IT Auditors
IT Audit For Non-IT Auditors
Ed Tobias
 
Basics in IT Audit and Application Control Testing
Basics in IT Audit and Application Control Testing Basics in IT Audit and Application Control Testing
Basics in IT Audit and Application Control Testing
Dinesh O Bareja
 
Audit Sample Report
Audit Sample ReportAudit Sample Report
Audit Sample Report
Randy James
 
IT System & Security Audit
IT System & Security AuditIT System & Security Audit
IT System & Security Audit
Mufaddal Nullwala
 
2022 Webinar - ISO 27001 Certification.pdf
2022 Webinar - ISO 27001 Certification.pdf2022 Webinar - ISO 27001 Certification.pdf
2022 Webinar - ISO 27001 Certification.pdf
ControlCase
 
Steps in it audit
Steps in it auditSteps in it audit
Steps in it audit
kinjalmkothari92
 
Audit of it infrastructure
Audit of it infrastructureAudit of it infrastructure
Audit of it infrastructure
pramod_kmr73
 
Security audit
Security auditSecurity audit
Security audit
Rosaria Dee
 

Recomendados

IT Audit For Non-IT Auditors
IT Audit For Non-IT AuditorsIT Audit For Non-IT Auditors
IT Audit For Non-IT Auditors
Ed Tobias
 
Basics in IT Audit and Application Control Testing
Basics in IT Audit and Application Control Testing Basics in IT Audit and Application Control Testing
Basics in IT Audit and Application Control Testing
Dinesh O Bareja
 
Audit Sample Report
Audit Sample ReportAudit Sample Report
Audit Sample Report
Randy James
 
IT System & Security Audit
IT System & Security AuditIT System & Security Audit
IT System & Security Audit
Mufaddal Nullwala
 
2022 Webinar - ISO 27001 Certification.pdf
2022 Webinar - ISO 27001 Certification.pdf2022 Webinar - ISO 27001 Certification.pdf
2022 Webinar - ISO 27001 Certification.pdf
ControlCase
 
Steps in it audit
Steps in it auditSteps in it audit
Steps in it audit
kinjalmkothari92
 
Audit of it infrastructure
Audit of it infrastructureAudit of it infrastructure
Audit of it infrastructure
pramod_kmr73
 
Security audit
Security auditSecurity audit
Security audit
Rosaria Dee
 
ISO 27001
ISO 27001ISO 27001
ISO 27001
n|u - The Open Security Community
 
Auditing SOX ITGC Compliance
Auditing SOX ITGC ComplianceAuditing SOX ITGC Compliance
Auditing SOX ITGC Compliance
seanpizzy
 
Best Practices in Auditing ISO/IEC 27001
Best Practices in Auditing ISO/IEC 27001Best Practices in Auditing ISO/IEC 27001
Best Practices in Auditing ISO/IEC 27001
PECB
 
Control and audit of information System (hendri eka saputra)
Control and audit of information System (hendri eka saputra)Control and audit of information System (hendri eka saputra)
Control and audit of information System (hendri eka saputra)
Hendri Eka Saputra
 
Introduction to COBIT 2019 and IT management
Introduction to COBIT 2019 and IT managementIntroduction to COBIT 2019 and IT management
Introduction to COBIT 2019 and IT management
Christian F. Nissen
 
CISA Training - Chapter 1 - 2016
CISA Training - Chapter 1 - 2016CISA Training - Chapter 1 - 2016
CISA Training - Chapter 1 - 2016
Hafiz Sheikh Adnan Ahmed
 
ISO 27001 Awareness/TRansition.pptx
ISO 27001 Awareness/TRansition.pptxISO 27001 Awareness/TRansition.pptx
ISO 27001 Awareness/TRansition.pptx
Dr Madhu Aman Sharma
 
IT General Controls Presentation at IIA Vadodara Audit Club
IT General Controls Presentation at IIA Vadodara Audit ClubIT General Controls Presentation at IIA Vadodara Audit Club
IT General Controls Presentation at IIA Vadodara Audit Club
Kaushal Trivedi
 
cobit 2019 presentation.pdf
cobit 2019 presentation.pdfcobit 2019 presentation.pdf
cobit 2019 presentation.pdf
mohammed539963
 
ISO 27001 Benefits
ISO 27001 BenefitsISO 27001 Benefits
ISO 27001 Benefits
Dejan Kosutic
 
Information System Architecture and Audit Control Lecture 1
Information System Architecture and Audit Control Lecture 1Information System Architecture and Audit Control Lecture 1
Information System Architecture and Audit Control Lecture 1
Yasir Khan
 
Information systems audit and control
Information systems audit and controlInformation systems audit and control
Information systems audit and control
Kashif Rana ACCA
 
Quick Guide to ISO/IEC 27701 - The Newest Privacy Information Standard
Quick Guide to ISO/IEC 27701 - The Newest Privacy Information StandardQuick Guide to ISO/IEC 27701 - The Newest Privacy Information Standard
Quick Guide to ISO/IEC 27701 - The Newest Privacy Information Standard
PECB
 
Iso 27001 isms presentation
Iso 27001 isms presentationIso 27001 isms presentation
Iso 27001 isms presentation
Midhun Nirmal
 
audit_it_250759.pdf
audit_it_250759.pdfaudit_it_250759.pdf
audit_it_250759.pdf
mabkhoutaliwi1
 
Introduction to it auditing
Introduction to it auditingIntroduction to it auditing
Introduction to it auditing
Damilola Mosaku
 
ISO 27001 - Information security user awareness training presentation - part 3
ISO 27001 - Information security user awareness training presentation - part 3ISO 27001 - Information security user awareness training presentation - part 3
ISO 27001 - Information security user awareness training presentation - part 3
Tanmay Shinde
 
Steps to iso 27001 implementation
Steps to iso 27001 implementationSteps to iso 27001 implementation
Steps to iso 27001 implementation
Ralf Braga
 
ISO 27001_2022 What has changed 2.0 for ISACA.pdf
ISO 27001_2022 What has changed 2.0 for ISACA.pdfISO 27001_2022 What has changed 2.0 for ISACA.pdf
ISO 27001_2022 What has changed 2.0 for ISACA.pdf
Andrey Prozorov, CISM, CIPP/E, CDPSE. LA 27001
 
ISMS Part I
ISMS Part IISMS Part I
ISMS Part I
khushboo
 
Network security ppt
Network security pptNetwork security ppt
Network security ppt
shashi712
 
5.4 it security audit (mauritius)
5.4 it security audit (mauritius)5.4 it security audit (mauritius)
5.4 it security audit (mauritius)
Corporate Registers Forum
 

Más contenido relacionado

La actualidad más candente

Best Practices in Auditing ISO/IEC 27001
Best Practices in Auditing ISO/IEC 27001Best Practices in Auditing ISO/IEC 27001
Best Practices in Auditing ISO/IEC 27001
PECB
 
Information systems audit and control
Information systems audit and controlInformation systems audit and control
Information systems audit and control
Kashif Rana ACCA
 
Quick Guide to ISO/IEC 27701 - The Newest Privacy Information Standard
Quick Guide to ISO/IEC 27701 - The Newest Privacy Information StandardQuick Guide to ISO/IEC 27701 - The Newest Privacy Information Standard
Quick Guide to ISO/IEC 27701 - The Newest Privacy Information Standard
PECB
 

La actualidad más candente (20)

ISO 27001
ISO 27001ISO 27001
ISO 27001
 
Auditing SOX ITGC Compliance
Auditing SOX ITGC ComplianceAuditing SOX ITGC Compliance
Auditing SOX ITGC Compliance
 
Best Practices in Auditing ISO/IEC 27001
Best Practices in Auditing ISO/IEC 27001Best Practices in Auditing ISO/IEC 27001
Best Practices in Auditing ISO/IEC 27001
 
Control and audit of information System (hendri eka saputra)
Control and audit of information System (hendri eka saputra)Control and audit of information System (hendri eka saputra)
Control and audit of information System (hendri eka saputra)
 
Introduction to COBIT 2019 and IT management
Introduction to COBIT 2019 and IT managementIntroduction to COBIT 2019 and IT management
Introduction to COBIT 2019 and IT management
 
CISA Training - Chapter 1 - 2016
CISA Training - Chapter 1 - 2016CISA Training - Chapter 1 - 2016
CISA Training - Chapter 1 - 2016
 
ISO 27001 Awareness/TRansition.pptx
ISO 27001 Awareness/TRansition.pptxISO 27001 Awareness/TRansition.pptx
ISO 27001 Awareness/TRansition.pptx
 
IT General Controls Presentation at IIA Vadodara Audit Club
IT General Controls Presentation at IIA Vadodara Audit ClubIT General Controls Presentation at IIA Vadodara Audit Club
IT General Controls Presentation at IIA Vadodara Audit Club
 
cobit 2019 presentation.pdf
cobit 2019 presentation.pdfcobit 2019 presentation.pdf
cobit 2019 presentation.pdf
 
ISO 27001 Benefits
ISO 27001 BenefitsISO 27001 Benefits
ISO 27001 Benefits
 
Information System Architecture and Audit Control Lecture 1
Information System Architecture and Audit Control Lecture 1Information System Architecture and Audit Control Lecture 1
Information System Architecture and Audit Control Lecture 1
 
Information systems audit and control
Information systems audit and controlInformation systems audit and control
Information systems audit and control
 
Quick Guide to ISO/IEC 27701 - The Newest Privacy Information Standard
Quick Guide to ISO/IEC 27701 - The Newest Privacy Information StandardQuick Guide to ISO/IEC 27701 - The Newest Privacy Information Standard
Quick Guide to ISO/IEC 27701 - The Newest Privacy Information Standard
 
Iso 27001 isms presentation
Iso 27001 isms presentationIso 27001 isms presentation
Iso 27001 isms presentation
 
audit_it_250759.pdf
audit_it_250759.pdfaudit_it_250759.pdf
audit_it_250759.pdf
 
Introduction to it auditing
Introduction to it auditingIntroduction to it auditing
Introduction to it auditing
 
ISO 27001 - Information security user awareness training presentation - part 3
ISO 27001 - Information security user awareness training presentation - part 3ISO 27001 - Information security user awareness training presentation - part 3
ISO 27001 - Information security user awareness training presentation - part 3
 
Steps to iso 27001 implementation
Steps to iso 27001 implementationSteps to iso 27001 implementation
Steps to iso 27001 implementation
 
ISO 27001_2022 What has changed 2.0 for ISACA.pdf
ISO 27001_2022 What has changed 2.0 for ISACA.pdfISO 27001_2022 What has changed 2.0 for ISACA.pdf
ISO 27001_2022 What has changed 2.0 for ISACA.pdf
 
ISMS Part I
ISMS Part IISMS Part I
ISMS Part I
 

Destacado

Audit Webinar How to get the right data for your audit in 3 easy steps
Audit Webinar How to get the right data for your audit in 3 easy stepsAudit Webinar How to get the right data for your audit in 3 easy steps
Audit Webinar How to get the right data for your audit in 3 easy steps
CaseWare IDEA
 

Destacado (11)

Network security ppt
Network security pptNetwork security ppt
Network security ppt
 
5.4 it security audit (mauritius)
5.4 it security audit (mauritius)5.4 it security audit (mauritius)
5.4 it security audit (mauritius)
 
Audit Technique
Audit TechniqueAudit Technique
Audit Technique
 
Audit Webinar How to get the right data for your audit in 3 easy steps
Audit Webinar How to get the right data for your audit in 3 easy stepsAudit Webinar How to get the right data for your audit in 3 easy steps
Audit Webinar How to get the right data for your audit in 3 easy steps
 
Advanced Risk Management - Elsam Management Consultants
Advanced Risk Management - Elsam Management ConsultantsAdvanced Risk Management - Elsam Management Consultants
Advanced Risk Management - Elsam Management Consultants
 
How to Effectively Audit your IT Infrastructure
How to Effectively Audit your IT InfrastructureHow to Effectively Audit your IT Infrastructure
How to Effectively Audit your IT Infrastructure
 
Talent Management
Talent ManagementTalent Management
Talent Management
 
Financial audit
Financial auditFinancial audit
Financial audit
 
CIA Part I review course 2017
CIA Part I review course 2017 CIA Part I review course 2017
CIA Part I review course 2017
 
Network Security
Network SecurityNetwork Security
Network Security
 
Audit Checklist for Information Systems
Audit Checklist for Information SystemsAudit Checklist for Information Systems
Audit Checklist for Information Systems
 

Similar a IT Audit methodologies

Sudarsan Jayaraman - Open information security management maturity model
Sudarsan Jayaraman - Open information security management maturity modelSudarsan Jayaraman - Open information security management maturity model
Sudarsan Jayaraman - Open information security management maturity model
nooralmousa
 
SCADA Cyber Sec | ISACA 2013 | Patricia Watson
SCADA Cyber Sec | ISACA 2013 | Patricia WatsonSCADA Cyber Sec | ISACA 2013 | Patricia Watson
SCADA Cyber Sec | ISACA 2013 | Patricia Watson
Patricia M Watson
 
Metholodogies and Security Standards
Metholodogies and Security StandardsMetholodogies and Security Standards
Metholodogies and Security Standards
Conferencias FIST
 
S nandakumar
S nandakumarS nandakumar
S nandakumar
IPPAI
 

Similar a IT Audit methodologies (20)

It audit methodologies
It audit methodologiesIt audit methodologies
It audit methodologies
 
IT Audit Methodologies
IT Audit MethodologiesIT Audit Methodologies
IT Audit Methodologies
 
UNINFO - BIG DATA & Information Security Standards - Guasconi
UNINFO - BIG DATA & Information Security Standards - GuasconiUNINFO - BIG DATA & Information Security Standards - Guasconi
UNINFO - BIG DATA & Information Security Standards - Guasconi
 
Sudarsan Jayaraman - Open information security management maturity model
Sudarsan Jayaraman - Open information security management maturity modelSudarsan Jayaraman - Open information security management maturity model
Sudarsan Jayaraman - Open information security management maturity model
 
SCADA Cyber Sec | ISACA 2013 | Patricia Watson
SCADA Cyber Sec | ISACA 2013 | Patricia WatsonSCADA Cyber Sec | ISACA 2013 | Patricia Watson
SCADA Cyber Sec | ISACA 2013 | Patricia Watson
 
Usulanuntukwg1danwg2dandata28 feb2017
Usulanuntukwg1danwg2dandata28 feb2017Usulanuntukwg1danwg2dandata28 feb2017
Usulanuntukwg1danwg2dandata28 feb2017
 
Sarwono sutikno forum tik utk standardisasi keamanan kartu cerdas - 4 nov 2...
Sarwono sutikno forum tik utk standardisasi keamanan kartu cerdas - 4 nov 2...Sarwono sutikno forum tik utk standardisasi keamanan kartu cerdas - 4 nov 2...
Sarwono sutikno forum tik utk standardisasi keamanan kartu cerdas - 4 nov 2...
 
Biznet GIO National Seminar on Digital Forensics
Biznet GIO National Seminar on Digital ForensicsBiznet GIO National Seminar on Digital Forensics
Biznet GIO National Seminar on Digital Forensics
 
Integrating Multiple IT Security Standards
Integrating Multiple IT Security StandardsIntegrating Multiple IT Security Standards
Integrating Multiple IT Security Standards
 
Cybersecurity Frameworks for DMZCON23 230905.pdf
Cybersecurity Frameworks for DMZCON23 230905.pdfCybersecurity Frameworks for DMZCON23 230905.pdf
Cybersecurity Frameworks for DMZCON23 230905.pdf
 
PECB Webinar: ICS Security Management System using ISO 27001 Standard as the ...
PECB Webinar: ICS Security Management System using ISO 27001 Standard as the ...PECB Webinar: ICS Security Management System using ISO 27001 Standard as the ...
PECB Webinar: ICS Security Management System using ISO 27001 Standard as the ...
 
Harald Leitenmüller | DSGVO - globaler, zeitgemäßer Datenschutzstandard für M...
Harald Leitenmüller | DSGVO - globaler, zeitgemäßer Datenschutzstandard für M...Harald Leitenmüller | DSGVO - globaler, zeitgemäßer Datenschutzstandard für M...
Harald Leitenmüller | DSGVO - globaler, zeitgemäßer Datenschutzstandard für M...
 
102 Information security standards and specifications
102 Information security standards and specifications102 Information security standards and specifications
102 Information security standards and specifications
 
Metholodogies and Security Standards
Metholodogies and Security StandardsMetholodogies and Security Standards
Metholodogies and Security Standards
 
Iio t security std
Iio t security stdIio t security std
Iio t security std
 
Cybersecurity concepts & Defense best practises
Cybersecurity concepts & Defense best practisesCybersecurity concepts & Defense best practises
Cybersecurity concepts & Defense best practises
 
Khas bank isms 3 s
Khas bank isms 3 sKhas bank isms 3 s
Khas bank isms 3 s
 
Industrial IoT Security Standards & Frameworks
Industrial IoT Security Standards & FrameworksIndustrial IoT Security Standards & Frameworks
Industrial IoT Security Standards & Frameworks
 
20201014 iso27001 iso27701 nist v2 (extended version)
20201014 iso27001 iso27701 nist v2 (extended version)20201014 iso27001 iso27701 nist v2 (extended version)
20201014 iso27001 iso27701 nist v2 (extended version)
 
S nandakumar
S nandakumarS nandakumar
S nandakumar
 

Último

EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
Earley Information Science
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Igalia
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
Delhi Call girls
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
Enterprise Knowledge
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
Joaquim Jorge
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
Delhi Call girls
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
Puma Security, LLC
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
Igalia
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
UK Journal
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
Safe Software
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
Delhi Call girls
 

Último (20)

EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 

IT Audit methodologies

  • 1. IT Audit Methodologies IT Audit Methodologies
  • 2.
  • 3.
  • 4.
  • 5.
  • 6.
  • 7.
  • 9.
  • 10.
  • 11.
  • 12.
  • 13.
  • 14.
  • 15.
  • 16.
  • 17.
  • 18.
  • 19.
  • 20.
  • 21.
  • 22.
  • 23.
  • 24.
  • 25.
  • 27.
  • 28.
  • 29.
  • 30.
  • 31.
  • 32.
  • 33.
  • 34.
  • 35.
  • 36.
  • 37.
  • 38.
  • 39.
  • 40.
  • 41.
  • 42.
  • 43.
  • 44.
  • 45.
  • 46.
  • 47.
  • 48.
  • 49. CC - Security Concept
  • 51.
  • 52.
  • 53. CC - Security Functional Classes Name Audit Communications Cryptographic Support User Data Protection Identification & Authentication Security Management Privacy Protection of TOE Security Functions Resource Utilization TOE (Target Of Evaluation) Access Trusted Path / Channels Class FAU FCO FCS FDP FIA FMT FPR FPT FRU FTA FTP
  • 54. CC - Security Assurance Classes Name Configuration Management Delivery & Operation Development Guidance Documents Life Cycle Support Tests Vulnerability Assessment Protection Profile Evaluation Security Target Evaluation Maintenance of Assurance Class ACM ADO ADV AGD ALC ATE AVA APE ASE AMA
  • 55. CC - Eval. Assurance Levels (EALs) *TCSEC = “Trusted Computer Security Evaluation Criteria” --”Orange Book” Name Functionally Tested Structurally Tested Methodically Tested & Checked Methodically Designed, Tested & Reviewed Semiformally Designed & Tested Semiformally Verified Design & Tested Formally Verified Design & Tested EAL EAL1 EAL2 EAL3 EAL4 EAL5 EAL6 EAL7 *TCSEC C1 C2 B1 B2 B3 A1
  • 56.
  • 57.
  • 58.
  • 59. Comparison of Methods - Results CobiT 3.4 3.3 2.7 2.8 3.3 3.1 1.9 3.0 3.1 2.3 Standardisation Independence Certifyability Applicability in practice Adaptability Extent of Scope Presentation of Results Efficiency Update frequency Ease of Use BS 7799 3.3 3.6 3.3 3.0 2.8 2.9 2.2 2.8 2.4 2.7 BSI 3.1 3.5 3.0 3.1 3.3 2.7 2.6 3.0 3.4 2.8 ITSEC /CC 3.9 3.9 3.7 2.5 3.0 2.6 1.7 2.5 2.8 2.0 Scores between 1 (low) and 4 (high) - Scores for CobiT, BS7799, BSI from ISACA Swiss chapter; score for ITSEC/CC form H.P. Winiger
  • 61. BS 7799 - Assessment
  • 64.
  • 65. Herzlichen Dank für Ihr Interesse an IT Audit Methodologies