Communiquez avec les autres et partagez vos connaissances professionnelles

Inscrivez-vous ou connectez-vous pour rejoindre votre communauté professionnelle.

Suivre

What are the best auditing tools for information technology?

user-image
Question ajoutée par Muhammad Sajjad Mirza, CISA, CISM , Assistant Director – Internal Audit & Compliance , NADRA Regional HeadOffice
Date de publication: 2013/10/11
Mohd Asim
par Mohd Asim , Assurance Consultant , Ernst & Young LLP

There are various tools or techniques through which an auditor can gather audit evidence in an IT environment.These modules are emebedded into the program and provide continuous audit facility. Some of the common tools are:

1. System Control Audit Review File(SCARF)

2. Integrated Test Facility(ITF)

3. Continuous and Intermittent Simulation(CIS)

4. Snapshot Technique.

Utilisateur supprimé
par Utilisateur supprimé

There is a set of tools that are absolutely necessary for conducting a meaningful IT Audit:

1. A solid GRC system that includes risk assessment module and a couple of built-in frameworks

2. Network mapping or discovery tool for example (nessus, GFI Languard, Nimbus etc.)

3. Vulnerability scanner (IP360, Nexpose etc.)

4. Traffic analyzer or packet sniffers (Kismet, Wireshark etc.)

5. Application testing tools like ZAProxy or WebScarab for web facing apps.

6. Very beneficial is a working knowledge of one of the log analyzers or SIEMS (Splunk, LogRythm etc.) and ability to extract reports.

7. Data analysis could be performed with Excel (simple sets), ACL or IDEA (more complex sets) or even statistical tools like SAS packages.

8. You will need a couple of virtual machines, depending on your platform (linux, windows), one standalone laptop or desktop. Lots of memory and processing power for large datasets.

Also don't forget to take network administrator to lunch and keep good relationships with the Information Security manager and a few programmers in JAva, PHP and Ruby and of course .NET guys.

 

Good luck!

 

 

 

More Questions Like This