信息安全审计
江苏美特罗信息科技有限公司 2018-07-13 09:23:53 作者:SystemMaster
通过专业的信息安全审计培训服务,各企事业单位可以培养自己的信息安全审计专家,满足机构长远的信息安全审计能力要求,发现遇到的各类信息安全问题;将助您在信息安全领域提升竞争能力.
IT audit methodology requires us to understand, document and test selected controls within the computer processing environment in relation to the significant applications.
We will conduct the following:
1)Obtain an understanding of the general computer controls environment for each location. This will include the 6 areas noted below at 3) and the following 4 areas:
Information Strategy and Planning
Relationship with Outsourced Vendors
Business Continuity Planning
Technique Support
2)Obtain an understanding of the Application-specific Controls environment for each location. This will include the 6 areas noted below at 3) and the following 4 areas:
ERP
HR System
PDM
Other significant applications
3)Conduct Design & Implementation* and Operating Effectiveness** testing for the following six areas of general computer controls and Application-specific Controls as specified by the International Audit Approach (IAA) guidelines:
Information Security
Application Systems Implementation and Maintenance
Information Systems Operations
Database Implementation and Support
Network Support
System Software Support
