O'Reilly logo

The CISA® Prep Guide: Mastering the Certified Information Systems Auditor Exam by John Kramer

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

4.1. Security Risks and Review Objectives

Access to IS resources should be controlled in order to protect them against unauthorized use, modifications, loss, or damage. Proper controls over the information asset access will assist in the prevention, detection, or correction of deliberate or accidental errors or exposure caused by inappropriate access or data manipulation. These are the basic objectives and rationale for assessing security. At an even more basic level, the CIA model of information security (Confidentiality, Integrity, and Availability) is always instructive.

Remember that most audit activity has its roots in gaining assurance that the company's financial reports are accurate and reflect the actual fiduciary picture of the business to outside concerns. Auditing is a way for a third party, regulator, investor, business partner, shareholder, or whomever to send in a reasonably knowledgeable professional (you) to assess for them that what they are being told is good information. The data that this group is using to make business decisions must have integrity for this to be the case. Integrity means that the data is accurate, unchanged, and represents what is really happening inside the business processes and, by extension, for the customers and suppliers of those processes. Integrity also implies that the data has not been altered or modified outside of normal processing, and when it has, it is because the process meant it to be done and only for the reason that it ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required