Chapter 5. Information Gathering

Solutions in this chapter:

▪ Obtaining Information and Issuing Requests

▪ How to Characterize Your Organization

▪ What Happens if Documentation is Incomplete or Unavailable?

▪ What Information Is Required?

▪ General Background Information

▪ Side Issues with Gathering Passwords

▪ Access Control Techniques and Types

▪ Terms and Definitions

Summary

Obtaining Information and Issuing Requests

This section of the book deals with information that the auditor should be requesting to complete their engagement. This is designed as an introduction to formulating a process for researching the organization prior to starting the audit and as an aid to developing the scope.

Later in the chapter we will cover a few specific issues dealing ...

Get The IT Regulatory and Standards Compliance Handbook now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

The IT Regulatory and Standards Compliance Handbook by Craig S. Wright

Solutions in this chapter:

Obtaining Information and Issuing Requests

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly