System Audit: Looking for Ways to Control Security Issues

Contributed by John W. McClain

Protecting company assets, privacy and employees is vital for companies operating in a hyper connected world. The number of products and services designed to provide security seem to multiply on a daily basis. Obviously, the need to secure the lines of communications that allow business and individuals to come together in a mutual exchange of products and services are very important to everyone. But, the increased number of security incidents and hacks seem to coincide with the proliferation of security products. The purpose of this paper is to discuss why some of these incidents continue to occur and a lot of them involve the same scenario. The usual reason for issues are product rush to market, change control process not followed and historical systems that have flaws but still being used by companies. One area that would help a lot of companies is to conduct better IT Audits. The process is similar to risk assessment but with an emphasis on the total system with more frequency. The risky environment that companies are operating in today requires timely information. This paper will discuss using continuous auditing concepts for security.

This document is in PDF format. To view it click here.

Rate this article: 
No votes yet