ICT Security Auditing

ICT Security Auditing

Arturo Ribagorda (Carlos III University of Madrid, Spain) and Jose M. Sierra (Carlos III University of Madrid, Spain)
Copyright: © 2000 |Pages: 29
DOI: 10.4018/978-1-878289-75-9.ch003
OnDemand PDF Download:


There is no doubt about the essential role that information plays in current society. Furthermore, it looks certain that this role will be more important in the next century. Consequently, it is not an exaggeration to nominate this society as the Information Society, just as other eras that were called Agricultural or Industrial. Therefore, informatics, or more general, information and communications technologies (from now on, ICT) have a predominant place in our technological societies. On the other hand, it is obvious that protection controls are already required to make information and its technologies reliable and trusted. Otherwise, it is obvious that this need of security will be higher in the near future. Migration from accepted systems and procedures (commercial, administrative, technical, etc.) to new ones (electronic commerce, digital cash, tele-working, electronic mail, etc.) will not be accepted by the people without an improvement of security. However, microcomputers and networks—without which is impossible to conceive modern companies—represent a risk for information management. In this way, threats and attacks included in science fiction movies are feasible today for organizations and people only using a PC and a simple telephone line. Then actual threats are employees, hackers, virus creators, competitor companies, etc., all of those can produce substantial losses for the information systems. Curiously, the same technologies that increase the productivity can also provoke losses due to the lack of security. All this justifies a rise in attention to the information security and motivates the growing interest in security audit. This one has become the only method to guarantee the accurate working of the security controls and, hence, to assure the reliability and trust on the information and the ICT that process it. As we said above, there are many risks associated with network use, so this field is one of the most interesting from a security view. Therefore, after a brief look at security, we will focus on the network security and its auditing.

Complete Chapter List

Search this Book:
Table of Contents
Mario Piattini
Chapter 1
Rafael Rodriguez
The challenge of information system auditing, as it is known nowadays, is a consequence of a most important current trend, namely the change from an... Sample PDF
Basic Concepts of Information Systems Auditing
Chapter 2
Jane Fedorowicz, Ulric J. Gelinas
In 1996, the Information Systems Audit and Control Foundation (ISACF) published Control Objectives for Information and Related Technology (COBIT)1.... Sample PDF
Adoption and Usage Patterns of a Framework for IT Control and Audit
Chapter 3
ICT Security Auditing  (pages 38-66)
Arturo Ribagorda, Jose M. Sierra
There is no doubt about the essential role that information plays in current society. Furthermore, it looks certain that this role will be more... Sample PDF
ICT Security Auditing
Chapter 4
Francisco Ruiz, Mario Piattini, Macario Polo, Coral Calero
Whereas hardware technology has been developed with considerable speed, software technology has suffered from a historical delay in the elaboration... Sample PDF
Audit of Software Maintenance Process
Chapter 5
Auditing Data Warehouses  (pages 109-147)
Jose A. Rodero, Mario Piattini
The need to have a separate database in order to support the decision process was first recognized at the beginning of the 1970s (Sprague and... Sample PDF
Auditing Data Warehouses
Chapter 6
Miguel Angel Davara
According to Professor Davara1, we could state that the information technology (i.e., the science of the automatic treatment of information)... Sample PDF
Information Technology Audit: Legal Aspects
Chapter 7
Juan Garbajosa, Pedro Pablo Alarcon
Data has become one of the most valuable assets in corporations as a result of information technology evolution. To run businesses satisfactorily... Sample PDF
Framing Database Audit of ISO/IEC 12207 Software Life Cycle Processes
Chapter 8
Bart van Lodensteijn
One of the objectives of a chapter or book title can be the subject, or it can unveil the opposite: the title is the subject of its own objectives... Sample PDF
Auditing Quality is Quality Auditing
Chapter 9
Jose Luis Lucero
All the processes carried out in most organizations are liable to be audited so that they allow more confidence in the organization itself and/or in... Sample PDF
Function Point Metric Auditing
About the Authors