IT Auditing: Assuring Information Assets Protection

About the Author


Robert E. Davis

Robert E. Davis, MBA, CISA, CICA

Robert E. Davis is an independent management audit consultant (currently associated with Robert Half Management Resources), as well as a Pleier Corporation author.  His IT audit specializations include Control Objectives for Information and related Technology, the Sarbanes-Oxley Act, and the Foreign Corrupt Practices Act.  Regarding information security and privacy, Robert is available to provide International Organization for Standardization 27000, Gramm-Leach-Bliley Act, and Basel II consulting.  His primary computer technology research interests are databases, operating systems, and distributed information systems processing.

Recently, he has applied his expertise in assisting organizations in fulfilling U.S. Sarbanes-Oxley and Federal Information Security Management Act requirements as well as training professionals internationally.  

Since starting his career as an IT auditor, Robert has provided data security consulting and IT auditing services (from staff through senior management positions) to the United States Enrichment Corporation, Raytheon Company, United States Interstate Commerce Commission, Dow Jones & Company, Fidelity/First Fidelity (Wachovia) Corporations, and other organizations.

Some of his professional IT software and hardware experience includes MVS, UNIX, Windows, Oracle, Clarity, the International Money Management System, PERL, COBOL, PASCAL, DEC, IBM, Tandem, Compaq, and DELL.  

Prior to engaging in the practice of IT auditing and information security consulting, Robert provided inventory and general accounting services to Philip Morris USA and general accounting services to Philadelphia National Bank (Wachovia).

Robert graduated from Temple University and West Chester University of Pennsylvania with a Bachelor of Business Administration and Master of Business Administration degree, respectively.  While attending Temple University, his major areas of study were Business Law and Accounting.  He successfully completed the requirements for a Management Information Systems subject major at West Chester University.  

Robert obtained the Certified Information Systems Auditor (CISA) certificate after passing the Information Systems Audit and Control Association's rigorous three-hundred-and-fifty-question multiple-choice examination in 1988, and was conferred the Certified Internal Controls Auditor (CICA) certificate by the Institute for Internal Controls.

During his twenty-year professional involvement in education, Robert acquired postgraduate and professional technical licenses in computer science and computer systems technology.  

Robert has authored the articles "Did IT Auditing Forget the Foreign Corrupt Practice Act" and "How Does Management Support Deploying IT Governance?" for IT AUDIT magazine and IT Governance Ltd, respectively.

Robert is a former ISACA-Philadelphia Chapter Board of Directors member and College Relations Chairman.  Robert has provided instruction to an Internet CISA study group, the Data Processing Management Association, and the ISACA-Philadelphia Chapter CISA Review Course.
 

Robert is a member of The Institute of Internal Auditors, ISACA, the American Association of University Professors, and The Institute for Internal Controls.  He is also a college computer science and mathematics instructor, having previously taught at Cheyney University and Bryant & Stratton College.  

Based on his accomplishments, Robert has been featured in Temple University's Fox School of Business Alumni Newsletter and The Institute for Internal Controls e-Newsletter.  Furthermore, he is a lifetime member of the Madison Who's Who Registry of Executives and Professionals.

Robert has authored 7 other indispensable resources available from Pleier Corporation:


These publications are also especially valuable references to prepare for related sections of the ISACA Certified Information Systems Auditors examination. 


Additional references and information are available at Have CISA - Will Travel.



IT Auditing: Assuring Information Assets Protection




The value of most organizations today is in the invisible information assets that provide key knowledge necessary to succeed in conducting business.  Many of these information assets are digital.

Unlike physical assets, information assets cannot be seen or touched directly.  Unlike physical assets, information assets can be more easily damaged or destroyed, accidentally or on purpose, by persons in the computer room, in the organization, or by an unknown person halfway around the world.  The nature of these information assets requires extremely close scrutiny.

“IT Auditing: Assuring Information Assets Protection” provides a proven approach to assessing IT security frameworks, architectures, methods, and techniques.  This publication converts selected audit standards and guidelines into practical applications using detailed examples and vivid graphics, including definitions of over 140 acronyms helpful in auditing and reviewing.  This publication also allows auditors and security professionals to understand the various steps and processes required to adequately initiate, document, and compile information assets protection audit or review phases.

This 265-page publication provides auditors and security professionals with an appreciation for the complexities associated with assuring information assets protection and lists numerous references for further in-depth information.


“IT Auditing: Assuring Information Assets Protection” can function as a study guide for CISA or CISM examination preparation as well as an audit or security practice reference manual.

Robert offers this information to assist auditors and security professionals in meeting the challenges of helping to assure the protection of these assets.

Feedback from an on-site version of this training includes:

"[The] Risk Based IT Audit Course provided a comprehensive understanding for both IT Auditors & IT Management in identifying risks & the risk of mitigating actions for them"

- President & CEO from Pentathlon Systems Resources Inc.


Chapter One: Information Security Laws & Regulations


Government-Entity Convergence
Fiduciary Relationships
Fiduciary Responsibilities
Multiple Legal Requirements
Security, Privacy, and Intellectual Property Edicts
Preserving Electronically Encoded Evidence
Government-Audit Convergence
Audit Practice Areas
Appendix A Selected IAP Related Governance Initiatives
Appendix B Laws & Regulations – IAP Templates
Chapter 1 Knowledge Check
Chapter 1 Bibliography


Chapter Two: Information Security Governance

Government-Entity Convergence
Framing Information Security Governance
Program Development and Deployment
Responsibilities Separation
Information Assets Protection
Information Security Governance Managerial Aids
Entity-Audit Convergence
Chapter 2 Knowledge Check
Chapter 2 Bibliography


Chapter Three: Control Environment
 
Entity-centric Considerations
Risk Determinants
Entity-level Policies
Managerial Practices
Chapter 3 Knowledge Check
Chapter 3 Bibliography


Chapter Four: Information Assets Protection Management

Planning
Control Objectives Selection
Control Goals Selection
Risk Management
Organizing
Coordinating
Directing
Controlling
Appendix A Selected Information Assets Classifications
Appendix B Potential Control Evaluation Worksheets
Chapter 4 Knowledge Check
Chapter 4 Bibliography


Chapter Five: Entity Employees    
 
Employment Practices
Decisional Quality, Responsibility Delegation, and Societal Engineering
IT Employees
Monitoring and Evaluating Resources
Incident Response Team

Chapter 5 Knowledge Check
Chapter 5 Bibliography


Chapter Six: IT Audits and Reviews

Planning
Considering Laws and Regulations
Audit Risk Assessment
Internal Control Assessment
Studying and Evaluating Controls
Access Management
Network Infrastructure
Risk Analysis
Environmental Controls
Confidential Information Asset Life Cycle
Testing and Evaluating Controls
Reporting
Follow-up
Appendix A Pro Forma IT Audit IAP Risk Assessment Template   
Appendix B Generic Control Environment: Awareness Lead-sheet 
Appendix C Computer Viruses   
Appendix D IAP RACI or RASCI Templates
Appendix E IAP Control Classification Template
Appendix F Authentication Mechanisms Table   
Appendix G Peer-to-Peer Networking   
Appendix H Trans-border Communication Protection   
Appendix I Suggested Access Controls Testing Checklist   
Chapter 6 Knowledge Check
Chapter 6 Bibliography 


Acronyms Used Throughout This Publication   
Glossary of Terms Used Throughout This Publication   
Biography of the Author    
   


Your feedback concerning this product should be sent to pleier@pleier.com.




Other Resources


If you like the quality of this CD-ROM publication, check http://www.pleier.com for additional resources.

Current Publications - Click the link to preview:


Print Order Form - PDF

Print Order Form - Word Document

Order Online


Thank you for purchasing a copy of "IT Auditing: Assuring Information Assets Protection".

Please tell others about these resources.

Thank you.

Joseph R Pleier

President

Pleier Corporation