ابدأ بالتواصل مع الأشخاص وتبادل معارفك المهنية

أنشئ حسابًا أو سجّل الدخول للانضمام إلى مجتمعك المهني.

متابعة

What are the best auditing tools for information technology?

user-image
تم إضافة السؤال من قبل Muhammad Sajjad Mirza, CISA, CISM , Assistant Director – Internal Audit & Compliance , NADRA Regional HeadOffice
تاريخ النشر: 2013/10/11
Mohd Asim
من قبل Mohd Asim , Assurance Consultant , Ernst & Young LLP

There are various tools or techniques through which an auditor can gather audit evidence in an IT environment.These modules are emebedded into the program and provide continuous audit facility. Some of the common tools are:

1. System Control Audit Review File(SCARF)

2. Integrated Test Facility(ITF)

3. Continuous and Intermittent Simulation(CIS)

4. Snapshot Technique.

مستخدم محذوف‎
من قبل مستخدم محذوف‎

There is a set of tools that are absolutely necessary for conducting a meaningful IT Audit:

1. A solid GRC system that includes risk assessment module and a couple of built-in frameworks

2. Network mapping or discovery tool for example (nessus, GFI Languard, Nimbus etc.)

3. Vulnerability scanner (IP360, Nexpose etc.)

4. Traffic analyzer or packet sniffers (Kismet, Wireshark etc.)

5. Application testing tools like ZAProxy or WebScarab for web facing apps.

6. Very beneficial is a working knowledge of one of the log analyzers or SIEMS (Splunk, LogRythm etc.) and ability to extract reports.

7. Data analysis could be performed with Excel (simple sets), ACL or IDEA (more complex sets) or even statistical tools like SAS packages.

8. You will need a couple of virtual machines, depending on your platform (linux, windows), one standalone laptop or desktop. Lots of memory and processing power for large datasets.

Also don't forget to take network administrator to lunch and keep good relationships with the Information Security manager and a few programmers in JAva, PHP and Ruby and of course .NET guys.

 

Good luck!

 

 

 

المزيد من الأسئلة المماثلة