
IT Strategic and Operational Controls
J. Kyriazoglou (Author)
IT Governance Publishing (Editor)
IT Governance Publishing
Published on 24. August 2010
Book
Paperback/Softback
686 pages
978-1-84928-061-7 (ISBN)
Description
Businesses have always had to take care in implementing well-laid out plans if they wish to minimise any risks to efficiency, profits and reputation, whilst simultaneously maximising the accrued benefits of a given project. Nowadays, integrated information systems can magnify these benefits and greatly strengthen an organisation; but such benefits are balanced by a serious risk. If IT systems are not used in a disciplined manner they can create havoc and they frequently bring about unexpected results and catastrophe, as shown by the rise in security incidents and computer-based crimes. IT Strategic and Operational Controls provides a comprehensive guide to implementing an integrated and flexible set of IT controls in a systematic way. It can help organisations to formulate a complete culture for all areas which must be supervised and controlled; allowing them to simultaneously ensure a secure, high standard, whilst striving to obtain the strategic and operational goals of the company.
Written with practicality and convenience in mind, this book is an ideal tool for those without specialised technical expertise seeking to understand IT controls and their design, implementation, monitoring, review and audit issues.
More details
Language
English
Place of publication
Ely
United Kingdom
Target group
Professional and scholarly
Product notice
Paperback (trade)
Illustrations
black & white illustrations
Dimensions
Height: 216 mm
Width: 140 mm
Thickness: 35 mm
Weight
785 gr
ISBN-13
978-1-84928-061-7 (9781849280617)
Other editions
Additional editions

John Kyriazoglou
IT Strategic and Operational Controls
E-Book
09/2010
ITGP
€50.49
Available for download
Persons
John Kyriazoglou is an international management consultant with over 35 years' on-the-job practical experience with both private and public sector organisations. He was educated in Canada and the U.S. (B.A. Honours, and M.S.), is a CICA (Certified Internal Controls Auditor), has published over 20 articles in professional publications, has served on numerous scientific committees, is a member of ISACA, the Institute for Internal Controls, Inc. (USA), and other professional and cultural associations, and provides courses in IT Auditing, Security and Electronic Crime Prevention.
Content
Chapter 1: IT ORGANISATION CONTROLS
1.1 Scope
1.2 Purpose and main types of IT organisation controls
1.3 IT department functional description controls
1.4 IT organisation controls
1.5 IT vision, mission and values statements
1.6 IT governance and control frameworks
1.7 Monitoring and review controls
1.8 IT organisation performance measures
1.9 Review and audit tools and techniques
1.10 Conclusion
1.11 Review questions

Chapter 2: IT ADMINISTRATION CONTROLS
2.1 Scope
2.2 Purpose and main types of IT administration controls
2.3 IT standards, policies and procedures
2.4 IT budget
2.5 IT asset controls
2.6 IT personnel management controls
2.7 IT purchasing controls
2.8 IT office administration controls
2.9 Monitoring and review controls
2.10 IT administration performance measures
2.11 Review and audit tools and techniques
2.12 Conclusion
2.13 Review questions

Chapter 3: ENTERPRISE ARCHITECTURE CONTROLS
3.1 Scope
3.2 Purpose and main types of Enterprise Architecture controls
3.3 Enterprise Architecture (EA) description controls
3.4 Management plan for designing and implementing an Enterprise Architecture (EA) framework
3.5 Enterprise Architecture development roles
3.6 Formulating and documenting the Enterprise Architecture elements
3.7 Other Enterprise Architecture business-related controls
3.8 Enterprise Architecture IT-related controls
3.9 Monitoring and review controls
3.10 Review and audit tools and techniques
3.11 Conclusion
3.12 Review questions

Chapter 4: IT STRATEGIC CONTROLS
4.1 Scope
4.2 Characteristics of strategy
4.3 Purpose and main types of IT strategic controls
4.4 IT strategic process controls
4.5 IT strategy implementation controls
4.6 IT strategic performance management controls
4.7 Monitoring and review controls
4.8 Review and audit tools and techniques
4.9 Conclusion
4.10 Review questions

Chapter 5: SYSTEM DEVELOPMENT CONTROLS
5.1 Scope
5.2 Purpose and main types of system development controls
5.3 Application systems development process controls
5.4 System development quality controls
5.5 Change management controls
5.6 Systems development personnel controls
5.7 Monitoring and review controls
5.8 Systems development performance measures
5.9 Review and audit tools and techniques
5.10 Conclusion
5.11 Review questions

Chapter 6: IT SECURITY CONTROLS
6.1 Scope
6.2 Purpose and main types of IT security controls
6.3 IT security governance guidelines, standards and legal frameworks
6.4 IT security plans and policies
6.5 IT security procedures and practices
6.6 Specialised IT security hardware and software protection controls
6.7 Evaluation and monitoring controls of IT security
6.8 IT security performance measures
6.9 Review and audit tools and techniques
6.10 Conclusion
6.11 Review questions

Chapter 7: DATA CENTRE OPERATIONAL AND SUPPORT CONTROLS
7.1 Scope
7.2 Purpose and main types of data centre operational and support controls
7.3 Data centre design and infrastructural controls
7.4 Data centre physical access controls
7.5 Computer hardware management controls
7.6 IT contingency planning and disaster recovery controls
7.7 Monitoring and review controls
7.8 IT operational performance measures
7.9 Review and audit tools and techniques
7.10 Conclusion
7.11 Review questions

Chapter 8: SYSTEMS SOFTWARE CONTROLS
8.1 Scope
8.2 Purpose and main types of systems software controls
8.3 Systems software operating environment controls
8.4 Database controls
8.5 Data communications controls
8.6 Audit trail log file controls
8.7 Monitoring and review controls
8.8 IT technical performance measures
8.9 Review and audit tools and techniques
8.10 Conclusion
8.11 Review questions

Chapter 9: IT APPLICATION CONTROLS
9.1 Scope
9.2 Purpose and main types of IT application controls
9.3 Input, processing and output controls
9.4 IT application database, operation, change and testing controls
9.5 End-user computing controls
9.6 Monitoring and review controls
9.7 IT application performance measures
9.8 Review and audit tools and techniques
9.9 Conclusion
9.10 Review questions

Chapter 10: USING IT CONTROLS IN AUDIT AND CONSULTING ASSIGNMENTS
10.1 Scope
10.2 Purpose
10.3 Retail operation: IT strategy case study
10.4 Trading company: applications controls case study
10.5 Public organisation: IT security case study
10.6 IT audit assignment for organisation 'ABCXYZ'
10.7 IT policies and procedures review for company 'ABCXXYX'
10.8 Final conclusion

APPENDICES: EXAMPLES OF POLICIES, GUIDELINES, FORMS AND METHODOLOGIES
Appendix 1: Examples of IT security policies
Appendix 2: Example of IT ethics code
Appendix 3: Monitoring IT controls checklist
Appendix 4: Examples of IT forms
Appendix 5: IT audit methodology
Appendix 6: IT audit areas
Appendix 7: Internal audit report example

FURTHER RESOURCES
Books and articles
Other resources

ITG Resources