STANDARDS FOR INFORMATION SYSTEMS CONTROL PROFESSIONALS
++ Introduction
The Information Systems Audit and Control Association, Inc. (ISACA) has
long recognised that the specialised nature of information systems (IS)
auditing, and the skills necessary to perform such audits, require
standards that apply specifically to IS auditing. However, as the proportion
of members from the IS Control Professional community grows, the
ISACA has perceived a need to produce further ethical guidance and
standards for its non-audit membership.
The attached Standards for IS Control Professionals are the ISACA’s first steps in meeting this need. In addition, a Draft Code of Professional
Ethics for IS Control Professionals has been issued for re-exposure,
alongside the revised Code of Professional Ethics for ISACA
members and holders of the Certified Information Systems Auditor (CISA)
designation.
+++ Objectives
The objectives of the ISACA’s Standards for IS Control Professionals
are to inform:
· IS Control Professionals of the minimum level of acceptable
performance required to meet the professional responsibilities set
out in the ISACA Code of Professional Ethics for IS Control
Professionals (currently issued as an exposure draft)
· Management and other interested
parties of the profession’s expectations concerning the work of practitioners
+++ Scope and Authority of Standards for IS Control Professionals
ISACA’s intent is to respond to the growing need for standards outside the IS Audit profession, including but not
limited to the areas of:
· data security
· business continuity planning
· data and media administration
· quality assurance
The framework for the ISACA’s Standards for IS Control Professionals
provides for multiple levels of standards, as follows:
· Standards define mandatory requirements for IS Control
functions.
· Guidelines provide guidance in applying standards for IS Control Professionals. The IS Control Professional should consider them in determining how to achieve implementation of the standards, use professional judgment in their application and be prepared to justify any departure.
· Procedures provide examples of procedures an IS Control Professional might follow. The procedure documents provide information on how to meet the standards when performing IS Control Professional functions, but
do not set requirements.
The Draft ISACA Code of Professional..........................