There are various tools or techniques through which an auditor can gather audit evidence in an IT environment. These modules are embedded into the program and provide a continuous audit facility. Some of the common tools are:
1. System Control Audit Review File (SCARF)
2. Integrated Test Facility (ITF)
3. Continuous and Intermittent Simulation (CIS)
4. Snapshot Technique.
There is a set of tools that are absolutely necessary for conducting a meaningful IT Audit:
1. A solid GRC system that includes a risk assessment module and a couple of built-in frameworks
2. Network mapping or discovery tool (for example Nessus, GFI LanGuard, Nimbus etc.)
3. Vulnerability scanner (IP360, Nexpose etc.)
4. Traffic analyzer or packet sniffers (Kismet, Wireshark etc.)
5. Application testing tools like ZAProxy or WebScarab for web facing apps.
6. Very beneficial is a working knowledge of one of the log analyzers or SIEMs (Splunk, LogRhythm etc.) and the ability to extract reports.
7. Data analysis could be performed with Excel (simple sets), ACL or IDEA (more complex sets) or even statistical tools like SAS packages.
8. You will need a couple of virtual machines, depending on your platform (Linux, Windows), and one standalone laptop or desktop. Lots of memory and processing power for large datasets.
Also, don't forget to take the network administrator to lunch and keep good relationships with the Information Security manager and a few programmers in Java, PHP and Ruby and of course the .NET guys.
Good luck!