A very good overview published in ISACA's Journal back in 2002, and still relevant today.
|
Books
Implement a systematic approach to security in mobile application development with help from this practical guide that also features case studies, code examples and best practices.
Posted by ISACA 351 days ago
|
The IIA has a series of documents called Global Technology Audit Guides ("GTAG"). Although ISACA and the IIA are related organizations, some documents are still for members only. I hope I can still share this overview, however.
|
Downloads
Posted by ISACA 730 days ago
|
|
Volume 5, 2011
by Emanuele Palmas, CISA
Implementing in-house ITGC/ITAC is a great opportunity for auditors to improve their knowledge of the company, and for the company, it is a chance to build IT governance that strengthens corporate governance.
|
Volume 2, 2011
by Loic Jegousse, CISA, CISM, CGEIT, CRISC
The proposed approach in this article will assist in reducing reliance on IT automated controls (ITAC) when it makes business sense to do so.
|
Volume 6, 2009
by Joseph Natovich, Ph.D., CPA
|
Volume 6, 2007
by Tommie Singleton, CISA
|
Volume 4, 2004
by Sanjiv Kumar Agarwala, CISA, CISSP
|
Volume 6, 2002
by Erik Guldentops, CISA, and Steven De Haes
|
These links, which have been contributed by site users, link to external third-party web sites. ISACA has not evaluated these web sites and accepts no responsibility for their suitability, security or privacy practices.
Software engineers shall commit themselves to making the analysis, specification, design, development, testing and maintenance of software a beneficial and respected profession. In accordance with their commitment to the health, safety and welfare of the public, software engineers shall adhere to the following 8 Principles:
1. PUBLIC - Software engineers shall act consistently with the public interest.
2. CLIENT AND EMPLOYER - Software engineers shall act in a manner that is in the best interests of their client and employer consistent with the public interest.
3. PRODUCT - Software engineers shall ensure that their products and related modifications meet the highest professional standards possible.
4. JUDGMENT - Software engineers shall maintain integrity and independence in their professional judgment.
5. MANAGEMENT - Software engineering managers and leaders shall subscribe to and promote an ethical approach to the management of software development and maintenance.
6. PROFESSION - Software engineers shall advance the integrity and reputation of the profession consistent with the public interest.
7. COLLEAGUES - Software engineers shall be fair to and supportive of their colleagues.
8. SELF - Software engineers shall participate in lifelong learning regarding the practice of their profession and shall promote an ethical approach to the practice of the profession.
|
Computer technology continues to advance toward a tiered, decentralized world of distributed platforms for entering, processing and retrieving information. Technological implementations are diverse and complex; however, all IT deployments should be protected from unauthorized use through suitable information-asset access controls. Given IT interconnectivity, entities should also protect information assets from unauthorized manipulation, to safeguard their investments from the risks associated with resource misuse. Consequently, information-asset access control is typically viewed from two abstraction perspectives: physical security and logical security.
|
Subtle details of the C programming language that could adversely affect an application's security and robustness
Contributed by ISACA on 29 May 2010
|
The Object Management Group (OMG) adopted UML as a standard for software modeling in late 1997. UML is now the de facto standard for software modeling.
Contributed by ISACA on 29 May 2010
|
An approach to application security that prescribes how to involve security professionals in the development process so that the resulting applications behave predictably and with no surprises
Contributed by ISACA on 29 May 2010
|
"The key anti-cybercrime provisions that are included in this legislation will close existing gaps in our criminal law to keep up with the cunning and ingenuity of today's identity thieves,"
Contributed by ISACA on 29 May 2010
|
On the AS/400 (System i) it is possible to audit for default passwords using the ANZDFTPWD command.
A default password is defined as a password which is the same as the user profile.
The command behaves slightly differently depending on the value of the s...
Posted By : Ian Cooke | 0 comments
|
Before we get into auditing Oracle privileges a reminder of a few definitions might be helpful.
A user privilege is the right to run a particular type of SQL statement, or the right to access an object belonging to another user, run a PL/SQL package, and...
Posted By : Ian Cooke | 1 comment
|
On March 1st, I was invited to speak at the CampIT conference on Enterprise Risk/Security Management at Rosemont Convention Center.
Before me there were two speakers. The first presenter spent an hour presenting the story from the trenches of technolog...
Posted By : Umesh391 | 0 comments
|
As your Application Controls Group Moderator, I wanted to take some time and start a blog. Not that I have anything stellar to pass along, at least not today, but the tool is here so I thought I'd do something with it.
And I have. But just so you know,...
Posted By : Richard Fowler | 0 comments