Security Basics mailing list archives
Paper - Audit Taxonomy
From: "Craig Wright" <Craig.Wright () bdo com au>
Date: Thu, 21 Jun 2007 06:53:10 +1000
Hello,

A while back now I mentioned that I was going to write a definitive paper on audit terminology. A few people asked me to forward this and I know people had been looking to pick it apart ;).

The paper is now released (a little later than anticipated, but such is life). It is titled: "A Taxonomy of Information Systems Audits, Assessments and Reviews".

It is available directly from:
http://www.sans.org/reading_room/whitepapers/auditing/1801.php

Or via the SANS reading room at:
http://www.sans.org/reading_room/last.php
and
http://www.sans.org/reading_room/whitepapers/auditing/

The assertions made in the paper are validated experimentally in the second half of the paper for those who enjoy a little math.

Regards,
Craig S Wright

Abstract:
Common misconceptions plague information systems audit as to the nature of security, audit and assessment types and definitions. The dissertation aims at being a definitive guide to define the terminology and detail the related methodologies across the range of information assurance services. The idea is to not only detail and define the types of audit, assessment inspections [etc], but to compare and evaluate the various strengths and benefits of each in a simple and referential critique that may remove an abstraction of error and confusion surrounding these services. The paper will cover the types, history and basis for each type of service. The paper statistically compares the strengths and weaknesses of each and sets out a scientifically repeatable foundation for the deterministic nomenclature used in the industry.
Craig Wright
Manager of Information Systems
Direct : +61 2 9286 5497
Craig.Wright () bdo com au
+61 417 683 914
BDO Kendalls (NSW)
Level 19, 2 Market Street Sydney NSW 2000
GPO BOX 2551 Sydney NSW 2001
Fax +61 2 9993 9497
www.bdo.com.au