Information Systems Audit
 
Application of IS audit may be divided into two areas:
  • Evaluation of internal control,
  • Evaluation of IS in terms of economy, efficiency, and effectiveness (3Es).
IS audits are conducted such that the security objective of the auditee organisation is evaluated, as under:
  • Information systems are available and usable when required (availability),
  • Data and information are disclosed only to those who have a right to know it (confidentiality), and
  • Data and information are protected against unauthorized modification (integrity).
The relative priority and significance of availability, confidentiality, and integrity vary according to the data within the information system and the business context in which it is used.
 
 
 
     
91186 Times Visited