|
WELCOME TO THE WORLD of IT Audit, Control, and Security. Much has
changed in information technology (IT) auditing since we published our
first edition of this book when we were then called Computer Auditors. Back
in those days, traditional mainframe or legacy computer systems were still common, we
had difficulty envisioning laptop systems as serious business information systems tools,
and the Internet was little more than an e-mail and text document communications tool
for many. Computer security then was largely based on locked, secured mainframe
facilities, and we were just seeing the very first computer viruses. Many auditors, both
internal and external, typically had only limited knowledge about IT systems controls,
and there were wide knowledge gaps among auditors, systems security specialists, and
developers. It is hard to focus on just one development or event that has turned our view
of IT audit controls into a separate discipline. However, the overall influence of the Web
along with audit, security, and internal controls concerns has made IT controls more
important to many today.
When it comes to computer security, the role of auditors today has never been more crucial. Auditors must ensure that all computers, in particular those dealing with e-business, are secure. The only source for information on the combined areas of computer audit, control, and security, the IT Audit, Control, and Security describes the types of internal controls, security, and integrity procedures that management must build into its automated systems. This very timely book provides auditors with the guidance they need to ensure that their systems are secure from both internal and external threats. |
|