Question:
During the audit process, an IS auditor reviews the control framework, gathers evidence, evaluates the strengths and weaknesses of internal controls based on the evidence and prepares an audit report that presents weaknesses and recommendations for remediation in an objective manner to stakeholders. Explain with at least one example the three main phases of the audit process.
An IS auditor should have a thorough understanding of Computer-Assisted Audit Techniques (CAATs) and know where and when to apply them. Discuss five factors to consider when selecting CAATs.
Explain, in your own words, forensic soundness and briefly discuss the four (4) principles that must be followed to achieve soundness specific to digital evidence.
2. When professionals fail to uphold a minimum level of ethical standards, the resulting impact can lead to potential digital evidence being overlooked or disregarded during an investigation. Explain to your client the difference between personal ethics, professional ethics and computer ethics, stating why these principles must be followed during an investigation.
Explain the chain of custody, stating its importance in computer forensics.
Distinguish between Governance and Management in the field of information system audit.
3. Policies and standards are considered tools of governance and management, respectively, and procedures and guidelines the purview of operations. Briefly explain IT policies, standards, procedures and guidelines to a non-IT student.
Audit planning is conducted at the beginning of the audit process to establish the overall audit strategy and detail the specific procedures to be carried out to implement the strategy and complete the audit. Briefly explain the steps in audit planning.
Discuss contingency planning for image acquisition.
4. Clarify information security governance and state five guidelines on how effective information security governance can be achieved.
It is the responsibility of every digital forensic practitioner to do everything in their power to be objective, honest, truthful, and demonstrate due diligence when conducting an investigation. Discuss three reasons why ethics is important in computer forensics.
c) Explain Project Benefit Realization.
5. Enterprise Governance of Information and Technology (EGIT) implies a system in which all stakeholders, including the board, senior management, internal customers and departments such as finance, provide input into the IT decision-making process. Implementing an EGIT framework addresses these issues by implementing practices that provide feedback on value delivery and risk management. Briefly explain the five (5) main broad processes of EGIT.
Digital forensics is a profession and as such should follow a minimum level of values and principles as required for professional ethics. Explain the fundamental values and principles of ethical behavior and conduct.
Explain digital forensics.