Obtaining Information, Documentation, and Resources

The Control Objectives for Information and Related Technology (COBIT) framework provides a good starting point for auditors to assess IT controls. Before beginning an audit, however, the auditor needs to first gather information from people and relevant documentation as well as identify required resources. The information the auditor needs before performing an audit includes the following:

  • An understanding of the organization and what its business requirements and goals are

  • Knowledge of how the security program is currently implemented

  • Industry best practices for the type of organization and systems

Documentation related to business structure, configuration, and even previous audits should ...
