Educause Security Discussion mailing list archives
Fw: [SECURITY] IT Internal Audit Framework
From: Carlos Lobato <clobato () NMSU EDU>
Date: Fri, 9 Jan 2015 20:01:49 +0000
I forgot to mention that internal auditors and external auditors will likely use COBIT as their IT auditing framework - http://www.isaca.org/cobit/ ________________________________ From: Carlos Lobato Sent: Friday, January 09, 2015 12:51 PM To: The EDUCAUSE Security Constituent Group Listserv Subject: Re: [SECURITY] IT Internal Audit Framework Vito, The Internal Auditing profession overall is regulated by the International Professional Practices Framework (IPPF) promulgated by The Institute of Internal Auditors<http://www.theiia.org/> (IIA). At a lower specialize IT level, ISACA<http://www.isaca.org/> has some standards that IT auditors must follow when conducting IT audits, but they align with the IPPF. As far as Higher Ed is concern, The Association of College & University Auditors<http://www.acua.org/> (ACUA) develops guidance and resources for higher ed auditors, but they all align with the IPPF framework. All professional Internal Auditors and their respective Departments follow the IPPF because their practices are assessed on a regular basis by independent third parties to conformance with this framework and the outcome is reported to their Governing Body i.e. Board of Regents, etc. Carlos, Carlos S. Lobato, CISA, CIA, CISSP IT Compliance Officer New Mexico State University Information and Communication Technologies MSC 3AT PO Box 30001 Las Cruces, NM 88003 Phone (575) 646-5902 Fax (575) 646-5278 ________________________________ From: The EDUCAUSE Security Constituent Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> on behalf of Vito Rocco <vito.rocco () UNLV EDU> Sent: Friday, January 09, 2015 12:16 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] IT Internal Audit Framework Does anyone have an example of an auditing framework that is tailored to higher ed? For now, I don't care what standard it is based on. I am just trying to gather some examples. If you have something that you use for internal auditing and you would be willing to share it, please feel free to contact me outside of the list. Thanks, Vito Rocco, MS-IT, CISSP, EnCE Information Security Specialist University of Nevada, Las Vegas (702) 895-0400 - Office (702) 895-1847 - Fax Security Reports to: informationsecurityoffice () unlv edu<mailto:informationsecurityoffice () unlv edu>
Current thread:
- IT Internal Audit Framework Vito Rocco (Jan 09)
- Re: IT Internal Audit Framework Carlos Lobato (Jan 09)
- Fw: [SECURITY] IT Internal Audit Framework Carlos Lobato (Jan 09)
- Re: IT Internal Audit Framework Jim Dillon (Jan 13)
- Re: IT Internal Audit Framework Spaller, Mary E. (Jan 09)
- Re: IT Internal Audit Framework Carlos Lobato (Jan 09)