Chapter Three

Software Security Issues

IN THIS CHAPTER WE will learn about major software security issues that an information systems auditor should be concerned about. At the end of the chapter, we will be in a position to recognize the software security aspects that we need to include in our audit plan.


In the course of an audit, the information systems auditor is likely to come across various types of software. In the following section, we have identified the common types of software most likely to be present in an auditee environment and the minimum control features that each of those software types should have.

System Software

System software is a set of instructions that perform the central control function for the computer system. It directs the way the computer responds to a program request and interfaces with other devices. When we switch on our laptop, the machine executes a series of commands before starting to load the operating system. Those commands form a part of the system software. Despite our installing different operating systems on our laptop, the series of commands it executes before commencing loading of the operating software remains the same. It is the system software that directs the laptop to the hard disk, DVD drive, USB drive, or network location to search for the operating software. In cases of complex systems, like large servers, the system software defines the borders of performance of the hardware.

Integrity of system ...

Get Understanding and Conducting Information Systems Auditing + Website now with the O’Reilly learning platform.

O’Reilly members experience live online training, plus books, videos, and digital content from nearly 200 publishers.