PacketSource — Security White Papers
 
A A A
 

The Institutional Need for Comprehensive Auditing Strategies

Published Feb. 5, 2011 from SANS

This paper begins with a definition of auditing, as the word “audit” can mean different things to different people, and contrasts the use of auditing in data processing’s early days to its function in the world of IT, today. The intent is to show that the interconnectedness brought about by business conducted over the Internet alters the scope and approach of audits. Audits once performed at the application or line of business level, though still necessary, are no longer sufficient to surface and assess all exposures created by the new environment. Further arguments elaborate on the impact and implications of the technology that have enabled e-Business and show not only the distinctions between past and present environments, but also become a requirements list for a comprehensive audit strategy. Finally, a series of recommendations are made that outline the foundational elements an organization needs to enable an effective strategy.

Tags:

PDFRead the complete paper at SANS