GTAG 10 - Business Continuity Management.pdfVIP专享VIP免费原创优质

下载本文档

阅读 88
下载 2
格式 pdf
大小 1.61 MB
约40页
2025-01-31 发布于陕西
收藏
评论
点赞(0)
海报
举报

GTAG 10 - Business Continuity Management.pdf_第1页

GTAG 10 - Business Continuity Management.pdf_第2页

GTAG 10 - Business Continuity Management.pdf_第3页

/40

BusinessContinuityManagementGlobalTechnologyAuditGuide(GTAG)WritteninstraightforwardbusinesslanguagetoaddressatimelyissuerelatedtoITmanagement,control,andsecurity,theGTAGseriesservesasareadyresourceforchiefauditexecutivesondifferenttechnology-associatedrisksandrecommendedpractices.InformationTechnologyControls:TopicsdiscussedincludeITcontrolconcepts,theimportanceofITcontrols,theorganizationalrolesandresponsibilitiesforensuringeffectiveITcontrols,andriskanalysisandmonitoringtechniques.ChangeandPatchManagementControls:CriticalforOrganizationalSuccessChangeandPatchManagementControls:Describessourcesofchangeandtheirlikelyimpactonbusinessobjectives,aswellashowchangeandpatchmanagementcontrolshelpmanageITrisksandcostsandwhatworksanddoesn’tworkinpractice.ContinuousAuditing:ImplicationsforAssurance,Monitoring,andRiskAssessmentContinuousAuditing:Addressestheroleofcontinuousauditingintoday’sinternalauditenvironment;therelationshipofcontinuousauditing,continuousmonitoring,andcontinuousassurance;andtheapplicationandimplementationofcontinuousauditing.ManagementofITAuditingManagementofITAuditing:DiscussesIT-relatedrisksanddefinestheITaudituniverse,aswellashowtoexecuteandmanagetheITauditprocess.ManagingandAuditingPrivacyRisksManagingandAuditingPrivacyRisks:Discussesglobalprivacyprinciplesandframeworks,privacyriskmodelsandcontrols,theroleofinternalauditors,top10privacyquestionstoaskduringthecourseoftheaudit,andmore.ManagingandAuditingITVulnerabilitiesManagingandAuditingITVulnerabilities:Amongothertopics,discussesthevulnerabilitymanagementlifecycle,thescopeofavulnerabilitymanagementaudit,andmetricstomeasurevulnerabilitymanagementpractices.��InformationTechnologyOutsourcing:DiscusseshowtochoosetherightIToutsourcingvendorandkeyoutsourcingcontrolconsiderationsfromtheclient’sandserviceprovider’soperation.AuditingApplicationControlsAuditingApplicationControls:Addressestheconceptofapplicationcontrolanditsrelationshipwithgeneralcontrols,aswellashowtoscopearisk-basedapplicationcontrolreview.IdentityandAccessManagementIdentityandAccessManagement:Coverskeyconceptssurroundingidentityandaccessmanagement(IAM),risksassociatedwithIAMprocess,detailedguidanceonhowtoauditIAMprocesses,andasamplechecklistforauditors.DevelopingtheITAuditPlanDevelopingTheITAuditPlan:Providesstep-by-stepguidanceonhowtodevelopanITauditplan,fromunderstandingthebusiness,definingtheITaudituniverse,andperformingariskassessment,toformalizingtheITauditplan.VisitTheIIA’sWebsiteatwww.theiia.org/technologytodownloadtheentireseries.AuthorsDavidEverest,KeyBankRoyE.Garber,SafeAutoInsuranceCo.MichaelKeating,NavigantConsultingBrianPeterson,ChevronCorp.BusinessContinuityManagementJuly2008Copyright©2008byTheInstituteofInternalAuditors,247MaitlandAve.,AltamonteSprings,FL32701-4201,USA.Allrightsreserved.PrintedintheUnitedStatesofAmerica.Nopartofthispublica-tionmaybereproduced,storedinaretrievalsystem,ortransmittedinanyformbyanymeans—electronic,mechanical,photocopying,recording,orotherwise—withoutpriorwrittenpermissionfromthepublisher.TheIIApublishesthisdocumentforinformationalandeducationalpurposes.Thisdocumentisintendedtoprovideinformation,butisnotasubstituteforlegaloraccountingadvice.TheIIAdoesnotprovidesuchadviceandmakesnowarrantyastoanylegaloraccountingresultsthroughit...

1、当您付费下载文档后，您只拥有了使用权限，并不意味着购买了版权，文档只能用于自身使用，不得用于其他商业用途（如 [转卖]进行直接盈利或[编辑后售卖]进行间接盈利）。
2、本站所有内容均由合作方或网友上传，本站不对文档的完整性、权威性及其观点立场正确性做任何保证或承诺！文档内容仅供研究参考，付费前请自行鉴别。
3、如文档内容存在违规，或者侵犯商业秘密、侵犯著作权等，请点击“违规举报”。

碎片内容