Security, Control and Assurance

ISACA/ITGI Research Publications COBIT and Application Controls:  A management Guide This guide helps business executives, business management, and IT management, as well as IT developers and implementers, internal and external auditors and other professionals manage and provide assurance regarding application controls. COBIT Security Baseline: An Information Security Survival Kit, 2nd Edition This guide, based on COBIT 4.1, consists of a comprehensive set of resources that contains the information organizations need to adopt an IT governance and control framework. COBIT covers security in addition to all the other risks that can occur with the use of IT. COBIT Security Baseline focuses on the specific risk of IT security in a way that is simple to follow and implement for the home user or the user in small to medium enterprises, as well as executives and board members of larger organizations. COBIT 4.1 This newest version of ISACA’s world-renowned IT governance and control framework offers incremental changes to version 4.0, presenting a streamlined, pragmatic and business-focused approach to implementing IT governance enterprisewide. IT Control Objectives for Sarbanes-Oxley 2nd Edition ITGI has released an updated edition of its well-received publication, IT Control Objectives for Sarbanes-Oxley. The first edition, published in 2004, has been downloaded more than 250,000 times. Companies around the world have used it as a tool for evaluating IT controls in support of Sarbanes-Oxley compliance. Experts from many organizations, including the top 10 accounting and professional firms, provided input and direction for the update. Now available in Japanese and Italian. Information Security Governance: Guidance for Boards of Directors and Executive Management 2nd Edition (PDF, 500K) Reviews the increasing importance of governance over the security aspect of information and related systems. Based on the IT governance framework described in the Board Briefing on IT Governance. Now available in Japanese (PDF, 315K) and Japanese Supplement (PDF, 20K). COBIT Quickstart This is an abbreviated version of COBIT designed for small to medium enterprises, or those organizations in which IT is not strategically critical to enterprise success. Available from the ISACA Bookstore. Articles/Papers IT Assurance Framework Issued by ITGI’s affiliate, ISACA, ITAF is a comprehensive and good-practice-setting model that provides guidance on the design, conduct and reporting of IT audit and assurance assignments; defines terms and concepts specific to IT assurance; and establishes standards that address IT audit and assurance professional roles and responsibilities, knowledge and skills, and diligence, conduct and reporting requirements. Empfehlungen der Schweizerischen Finanzkontrollen für Informatikprojekte (PDF, 310K) Recommandations des contrôles des finances à l’égard des projets informatiques (PDF, 310K) National Strategy to Secure Cyberspace Issued in 2003 by the US Department of Homeland Security Information Security Risk Assessment Guide – Practices of Leading Organizations (PDF, 716K) From U.S. General Accounting Office The New Corporate Governance Model: A Focus on Independence, the Audit Committee and the Accounting Profession (PDF, 128K) by Robert S. Roussey, originally printed by Marshall School of Business, University of Southern California, USA Links Carnegie Mellon Software Engineering Institute CERT Coordination Center Center for Education and Research in Information Assurance and Security Certified Information Security Manager (CISM) Communications Security Establishment Computer Security Institute Computer Security Resource Clearinghouse (US National Institute of Standards and Technology) InfoSysSec, The Security Portal for IS Security Professionals Institute for Internal Auditors International Computer Security Association Internet for the US Federal Inspector General Community ISACA ISO17799 IT Audit Forum Partnership for Critical Infrastructure Security SANS Institute Stay Safe Online US General Accounting Office US House of Representatives Office of Inspector General US Intergovernmental Audit Forum