Guidance in audit of security of information systems
Summary
Working title: Guidelines on Information Systems’ Security Audit, including Cyber Security (Earlier ISSAI 5310)
The project aims to create a relevant GUID for use by field audit practitioners, with the objective of carrying out the following processes:
- Aligning the guidance with ISSAI 100 and the revised GUID 5300
- Identification of the universe of information systems assets in use by the audited entity
- Identification of potential threats and countermeasures for mitigation and avoidance of risk exposure to assets
- Evaluation of internal controls already adopted by the audited entity
- Risk analysis, quantified in terms of risk exposure determined by the combination of the criticality of information asset(s) and the business impact of failure
- Issue of recommendations, based on computed risk exposure
IFPP Category
INTOSAI Guidance
Evolution
- Project Proposal
- Preparing Exposure Draft
- Open for comments
- Analysing Comments
- Preparing Endorsement Version
- Endorsement Version
Project proposal
Document | |
Project proposal | Download |
Exposure Draft
Document | Comments Received | Action |
Exposure draft | 0 | Comments are closed |
Endorsement Version
Document |