Auditor's Guide to Information Systems Auditing |  | Author: Richard E. Cascarino Publisher: Wiley Category: Book
List Price: $105.00 Buy New: $81.51 as of 7/29/2010 14:55 CDT
Media: Hardcover Pages: 512 Number Of Items: 1 Shipping Weight (lbs): 1.5 Dimensions (in): 9.1 x 6.2 x 1.6
ISBN: 0470009896 Dewey Decimal Number: 658.0558 EAN: 9780470009895 ASIN: 0470009896
Publication Date: March 23, 2007
Editorial Reviews:
Product Description

Praise for Auditor's Guide to Information Systems Auditing

"Auditor's Guide to Information Systems Auditing is the most comprehensive book about auditing that I have ever seen. There is something in this book for everyone. New auditors will find this book to be their bible: reading it will enable them to learn what the role of auditors really is and will convey to them what they must know, understand, and look for when performing audits. For experienced auditors, this book will serve as a reality check to determine whether they are examining the right issues and whether they are being sufficiently comprehensive in their focus. Richard Cascarino has done a superb job." —E. Eugene Schultz, PhD, CISSP, CISM, Chief Technology Officer and Chief Information Security Officer, High Tower Software

A step-by-step guide to successful implementation and control of information systems

More and more, auditors are being called upon to assess the risks and evaluate the controls over computer information systems in all types of organizations. However, many auditors are unfamiliar with the techniques they need to know to efficiently and effectively determine whether information systems are adequately protected. Auditor's Guide to Information Systems Auditing presents an easy, practical guide for auditors that can be applied to all computing environments. As networks and enterprise resource planning systems bring resources together, and as increasing privacy violations threaten more organizations, information systems integrity becomes more important than ever. With a complimentary student's version of the IDEA Data Analysis Software CD, Auditor's Guide to Information Systems Auditing empowers auditors to effectively gauge the adequacy and effectiveness of information systems controls.
Customer Reviews:

Kerckhoffs's Law
January 31, 2008, Rich (South Africa), 0 out of 2 found this review helpful
Kerckhoffs's Law does, indeed, state that "A cryptosystem should be designed to be secure if everything is known about it except the key information". Unfortunately many of the common security systems (excluding professional cryptosystems) are not so designed.

Security management resource
June 6, 2009, Viken Derderian (Los Angeles, CA)
This may be an unfair review considering that the book is a couple of years old and much has changed since. I think Auditor's Guide to Information Systems Auditing has enough good material to make it a viable reference for an internal auditor. It can also be used by security professionals implementing an Information Security Management System.
To use this book:
- Cut the first 3 chapters.
- Start implementing an ISO 2700x management system.
- Use parts of the remaining chapters as reference material for the ISO management system.
The author opted to simply write a compilation of facts already available to ISACA members. What would have made my review a 5 star is if he had expanded the controls, rules and statements and added his opinion and experience. For example, a very important rule, 4.1 of the rules of conduct on page 46, "Shall engage only in those services for which they have the necessary knowledge, skills, and experience," could have taken a complete chapter by itself; this rule alone can eliminate most auditors from being able to audit.
In conclusion: buy a used copy if you must.

Max
May 4, 2007, Maxim Noudelman (Jerusalem, Israel), 5 out of 7 found this review helpful
I think this book is a waste of money. It's full of water and just a collection of facts about IS audit. Some of the author's statements are pretty strange. On pp. 304-305 of the book (encryption weaknesses) the author says:
"Availability of algorithms makes secure encryption difficult. Most of commonly used algorithms are published and available...".
Everyone knows that the strength of encryption is not in the secrecy of encryption algorithms.
Auguste Kerckhoffs wrote (Kerckhoffs's law) that "a cryptosystem should be secure even if everything about the system, except the key, is public knowledge"....
In my opinion, if you want to read something about IS audit, it is better to choose a CISA study guide.