
This chapter is from the book

Data Audits

After all the tasks discussed so far in this chapter have been performed, the organization’s security management practices need to be evaluated periodically. This is accomplished by means of an audit process. The audit process can be used to verify that each individual’s responsibility is clearly defined. Employees should know what they are accountable for and what their assigned duties are. Most audits follow a code or set of documentation. For example, financial audits can be performed using the Committee of Sponsoring Organizations of the Treadway Commission (COSO) framework. IT audits typically follow the Information Systems Audit and Control Association (ISACA) Control Objectives for Information and Related Technology (COBIT) framework. COBIT is designed around four domains:

  • Plan and organize

  • Acquire and implement

  • Deliver and support

  • Monitor and evaluate

Although the CISSP exam will not expect you to understand the inner workings of COBIT, you should understand that it is a framework that helps provide governance and assurance. COBIT was designed for performance management and IT management, and it is considered a system of best practices. COBIT was created by the ISACA and the IT Governance Institute (ITGI) in 1992.

Auditors can use COBIT, and this framework is also useful for IT users and managers designing controls and optimizing processes.

Audits make it possible to verify that the controls put in place are working, that the policies that were written are being followed, and that the training provided to employees actually works. To learn more about COBIT, see www.isaca.org/cobit/. Another set of documents that can be used to benchmark the infrastructure is the ISO 27000 family of standards; for details, see www.27000.org.
