| Written by Leah Underwood,
|
The following collection of selected web sites offers a variety of sources of information and training. Below are sites that provide specific IT audit information including authoritative references, research assistance, and specific IT audit training.
Information Systems Audit and Control Association (ISACA)
ISACA is a recognized global leader in IT governance, control and assurance. It sponsors international conferences, training events and a global knowledge network , administers the globally respected Certified Information Systems Auditor™ (CISA®) designation earned by more than 29,000 professionals worldwide and the new Certified Information Security Manager™ (CISM™) designation, and develops globally applicable information systems auditing and control standards. General Information: http://www.isaca.org/
Bettermanagement.com:
Bettermanagement.com web seminars are designed to offer “concise online education, management articles and information on a wide range of business management topics, as well as access to top academics and consultants in the field of Performance Management.” These web-based seminars can be taken for CPE or you can participate for free and not receive CPE. Participants can ask questions online during the seminars, and topics range from activity-based and IT management to performance measurement and fraud detection.
Government Technology
A myriad of government technology topics are here to explore for solutions for state and local governments in the information age. The site features timely articles, case studies, articles, and a highlight section with recommended sites. http://www.govtech.net
General Accounting Office
Federal Information System Controls Audit Manual FISCAM http://www.gao.gov/special.pubs/ai12.19.6.pdf
This document (GAO/AMD 12.19.6) provided by the General Accounting Office provides guidance related to information technology audits, including audit planning; audit procedures related to general controls, access controls, software development and change controls, system software, service continuity. An additional chapter related to evaluation and testing of application controls is currently being developed.
Management Planning Guide for Information Systems Security Auditing http://www.gao.gov/special.pubs/mgmtpln.pdf
This guide is intended to help audit organizations respond to this expanding use of IT and the concomitant risks that flow from such pervasive use by governments. It applies to any evaluative government organization, regardless of size or current methodology. Directed primarily at senior and executive managers, the guide covers the steps involved in establishing or enhancing an information security auditing capability: planning, developing a strategy, implementing the capability, and assessing results.
Link to other guidance: http://www.gao.gov/aac.html
Intergovernmental Information Security Audit Forum:
The Intergovernmental Information Security Audit Initiative is a partnership of Federal, State, and Local Audit Organizations, promoting the enhancement of government information security audit capabilities. Information available includes: publications, shared audit programs and reports. http://www.nasact.org/IISAF/about.html
MIS Training Institute
MIS provides IT audit, information security, and other general audit training. The site has a number of links to conferences, a free newsletter, and web-based training, and other auditor-related sites. http://www.misti.com
The Institute of Internal Auditors (IIA)
The IIA is an international professional organization that serves members in internal auditing, governance and internal control, Information Technology (IT) audit, education, and security. The IIA also provides internal audit practitioners, executive management, boards of directors and audit committees with standards, guidance, and information on best practices in internal auditing.
IT Tech Encyclopedia
This website is a research tool that provides a encyclopedia of over 20,000 IT “techie” terms. Just type in the term or acronym and get the definition. http://www.techweb.com/encyclopedia/
NIST Federal Information Processing Standards (FIPS) on Computer Security
For IT audits, this site can be used to research FIPS that can provide authoritative standards for information systems audits. A popular example of this is FIPS 112, “Password Usage”, which provides standards for password configuration, life, and usage. http://csrc.nist.gov/publications/fips/index.html
SANS (SysAdmin, Audit, Network, Security) Institute Roadmap or Security Tools and Services On-line
For IT audits, the SANS community supports various programs and products including Information Security Training, SANS Resources, Center for Internet Security and SCORE, and SANS/FBI Top Twenty List. http://www.sans.org/
|
Education and Training