Using Neural Network Software as a Forensic Accounting Tool (English)

IS Security Matters: IS Security Matters?

Editorial - Issues & Comments

Editorial - Issues & Comments - Editor in Chief Michael P Cangemi, CISA, CK discusses biometrics, the joy of book collecting and e-business, and notes the passing of an IS audit pioneer. A list of biometrics vendors accompanies the column.

Editorial - Issues & Comments - Editor in Chief Michael Cangemi, CISA, CPA, discusses how terrorist attacks will cause companies and governments to increase their investments in biometrics.

Guest Editorial: IT Governance Comes of Age

Editorial - Issues & Comments - Editor-in-Chief Michael P Cangemi, CISA, CPA, announces a unique issue of the Information Systems Control Journal, one devoted to IT governance and lends his thoughts on how the topic is aligned with the ISACA vision statement

Issues&Comments

Taking a Look Back: Data Security Excerpted and reprinted from The EDP Auditor Journal, Winter 1980

IT Audit Basics: The Minimum IT Controls to Assess in a Financial Audit (Part II)

Guest Editorial: Business Reform and Change Enabled by IT-An Alternative Perspective

IS Security Matters: Converging Need, Diverging Response

Book Review - Auditing and Security: AS-400, NT, UNIX, Networks and Disaster Recovery Plans - This book is an excellent text on the issues that IT auditors need to concentrate on to successfully audit the more common operating systems of AS-400, NT and UNIX, as well as networks.

No Harm, No Foul

IS Security Matters: Information Security and the Resilient Enterprise

IT Security Matters: Alerts, Alarms and Triggers

Information Security and the Resilient Enterprise

Auditing and Security: AS/400, NT, UNIX, Networks and Disaster Recovery Plans

IS Security Matters - No Harm, No Foul

Book Review - Digital Signatures Security and Control - The review notes the book's aim of providing clarity on the central issues surrounding the safe use of the web for normal business and commercial activities and describes the content of each of its seven chapters.

IS Security Matters: The Resilient Toothbrush

Digital Signatures Security and Control

IS Security Matters: Reliable Security, Revisited

The Art of Deception: Controlling the Human Element of Security

"Lingering Doubt"

IS Security Matters - "Lingering Doubt" - Steve Ross, CISA, addresses the puzzlement when survey respondents answer questions one way, yet hold opinions in another direction

Help Source - Help Source Q & A

Standards. Statements, Guidelines - ISACA(R) Member and CISA(R) Compliance

IS Security Matters - Vive le ROI - Steven J. Ross, CISA, discusses the return on investment conundrum that exists when investing in security. Investing in security is not like investing in stocks and bonds. One cannot put money in and simply wait for dividends and growth.

HelpSource Q& A

Vive le ROI

Sarbanes-Oxley Status

IT Value: Securing Value: Treasure Buried in Business Cases

IT Audit Basics: Generalized Audit Software: Effective and Efficient Tool for Today's IT Audits

IS Security Matters - Standard Questions - Steven J Ross, CISA, calls for differing, demand-driven international standards developed and disseminated after the market has decided which is best, not before.

IT Audit Basics: Sarbanes-Oxley Status

differing, demand-driven international standards developed and disseminated after the market has decided which is best, not before

IT Audit Basics: What Every IT Auditor Should Know About IT Audits and Data

IT Governance - Risk-aware Decision Making for New IT Investments

Risk-aware Decision Making for New IT Investments

Standards, Statements, Guidelines - Standards and guidelines for maintaining compliance for both ISACATM membership and the CISA(R) designation are outlined and the status of ISACA issuances noted.

Standards and guidelines for maintaining compliance for both ISACA™ membership and the CISA® designation are outlined and the status of ISACA issuances noted

IT Governance: Information Security Governance: Who Needs It?

Effective Use of Teams for IT Audits

Book Reviews - Effective Use of Teams for IT Audits

IT Audit Basics: What Every IT Auditor Should Know About Cybercrimes

Standards, Statements, Guidelines - ISACA(R) Member and Certification Holder Compliance

IT Governance: Driving Value From Information Security: A Governance Perspective

Guest Editorial: Insights From Nature-An Alternate Approach to Information Security

IT Value: The Drive for Value Management

The Vest-Pocket Guide to Information Technology

Book Reviews - The Vest-Pocket Guide to Information Technology - Both of these books, reviewed by Sarathy Emani, CISA, received high marks from the reviewer. Both contain the promised information their titles indicate

Is the Future Unpredictable?

ISecurity Matters - Is the Future Unpredictable?

IT Audit Basics - IT Audit Career Development Plan

IT Audit Career Development Plan

Global Perspectives: IT Audit Education

Review of ISACF publication: Control Objectives for Net Centric Technology

Fraud Analysis Technique Using ACL

IT Governance - Assessing the European IT Governance Climate - Vernon Poole reports on the status of IT governance in Europe in the wake of increasing security attacks and the adoption of BS 7799 as an ISO standard in September 2000.

IT Governance: New Players, Challenges and Opportunities

Book Reviews - Review of ISACF publication: Control Objectives for Net Centric Technology - Peter Hill, CISA succinctly, yet thoroughly, describes what the potential readers of this four-volume set can expect and how the information imparted will help them in their profession

Assessing the European IT Governance Climate

Plus - HelpSource Q & A

IT Governance - The Role of the Auditor in IT Governance - Alex Woda discusses the importance, now more than ever, of the auditor's involvement in supporting and helping implement corporate governance in IT and management.

Five Questions With...

Security Monitoring

R&D Collaboration: The Process, Risks and Checkpoints

The Role of the Auditor in IT Governance

Auditing Governance in ERP Projects

Book Review: Principles of Fraud Examination

Principles of Fraud Examination By Joseph T. Wells

Standards, Statements, Guidelines - Procedures to maintain compliance for both ISACA membership and the CISA designation are outlined and the status of ISACA issuances is noted

Computer Aided Fraud Prevention and Detection-A Step-by-step Guide

IT Audit Basics - Auditing Governance in ERP Projects

IT Audit Basics: What Every IT Auditor Should Know About Auditing Information Security

Global Perspectives

Top 10 Security and Privacy Topics for IT Auditors

Features - Automated User Authentication: The Final Frontier of Information Security - New forms of user authentication are required in the face of increasingly apparent password weaknesses. Only stronger user authentication can mount a frontal assault on the chief method information criminals use to gain unauthorized access: Masquerading as an authorized user.

IT Governance: Containing Corporate Governance Costs: The Role of Technology

Automated User Authentication: The Final Frontier of Information Security

Plus - Technical Q & A, Helpsource

IT Governance - Key Success Factors for Implementing IT Governance

Key Success Factors for Implementing IT Governance

IT Governance - Boards and IT -- Unleash the Value, Put a Leash on the Risks - Erik Guldentops, CISA, discusses the need for boards and executives to put IT firmly onto their organization's governance agenda. Complexity, speed, interconnectivity and globalization make IT strategic to enterprise growth and render it essential for enterprise survival.

Boards and IT-Unleash the Value, Put a Leash on the Risks

Case Study: Building Acceptance and Adoption of COBIT at Sun Microsystems

Risk Assessment Tools: A Primer

Building Acceptance and Adoption of CobiT at Sun Microsystems

IT Governance: Practices in IT Governance and Business-IT Alignment

Improving Regulatory Compliance: How to Make Content Protection Controls Effective

Features - Computer Forensics -- From Cottage Industry to Standard Practice - Computer forensics is the collection, preservation, analysis and court presentation of computer-related evidence. The proper seizure and analysis of this evidence is important in any investigation where a computer is the means or an instrument of a crime or other offense or may contain evidence relevant to an investigation.

Practical Pointers - Managed Risk, Enhanced Response - Sean Adee, CISA, discusses how the next generation of security provides for real-time, consolidated, security-driven event monitoring for devices such as IDS and firewall products and the ability to monitor information from other resources such as operating systems and ERPS

Managed Risk, Enhanced Response

Auditing a Security Information Management System

Computer Forensics-From Cottage Industry to Standard Practice

Due Professional Care

When Chaos Rules, Only the Fittest Survive: The Impact of Disruptive Technologies on Organizational Survival

IT Audit Basics - Due Professional Care - Frederick Gallegos, CISA, CGFM, CDE, focuses on the importance and process of due professional care, in this second installment of the Journal's newest column.

Business Continuity Management Standards -- A Side-by-side Comparison

IT Governance and Corporate Governance at ING

Case Study - IT Governance and Corporate Governance at ING

IT Value: Benefits Realisation and Programme Management: Beyond the Business Case

The Unique Benefits and Risks of USB Mass Storage Devices

Developing an Information Security and Risk Management Strategy

Features - Benefits of Year 2000 Work - This feature-length article is a compilation of some of the lessons learned that were results of the extensive planning and alterations that occurred in preparation for Y2K. The comments were gleaned from the contingency planning listserv

Benefits of Year 2000 Work This feature-length article is a compilation of some of the lessons learned that were results of the extensive planning and alterations that occurred in preparation for Y2K. The comments were gleaned from the contingency planning listserv

Features - Cybersecurity and the Future of E-commerce: The Role of the Audit Community - The author opines that a major attack now, if successful, could significantly influence the future development of the e-commerce business model and have severe ramifications for the victimized organization(s). The article advocates the need to continue and expand the auditing community's move toward a full partnership role with management.

COBIT Control and Governance Maturity Survey

Cybersecurity and the Future of E-commerce: The Role of the Audit Community

COBIT Control and Governance Maturity Survey - Participate in the COBIT Control and Governance Maturity Survey. The information gained as a result of the survey will be useful and beneficial to all who aspire to more effective IT governance.

Case Study: Assessing IT Security Governance Through a Maturity Model and the Definition of a Governance Profile

The Changing Realities of Recovery

IT Governance and Post-merger Systems Integration

A Beginner's Guide to Auditing the AS/400 Operating System

The IT Balanced Scorecard-A Roadmap to Effective Governance of a Shared Services IT Organization

Justifying IT Projects: Connecting the Dots From Systems to Business Value

Guidance on Tax Compliance for Business and Accounting Software and SAF-T

Case Study - The IT Balanced Scorecard - A Roadmap to Effective Governance of a Shared Services IT Organization - This article, written by Ronald Saull, MBA, CSP, Senior Vice President and Chief Information Officer of the Information Services division of Great-West Life, London Life and Investors Group, includes a discussion of the trend for consolidation and the consequent impact on IT operations

A Beginner's Guide to Auditing the AS-400 Operating System - This article provides the novice auditor, IT or otherwise, with an overview of how to perform an AS-400 operating system review.

Features - Mathematical Proofs of Mayfield's Paradox: A Fundamental Principle of Information Security - The authors provide two mathematical proofs of Mayfield's Paradox, which states that keeping everyone out of an information system requires an infinite amount of money and getting everyone onto an information system requires an infinite amount of money, but the costs between these extremes are relatively low. By The University of New Haven Center for Cybercrime and Forensic Computer Investigation and The University of Southern California Department of Mathematics

Mathematical Proofs of Mayfield's Paradox: A Fundamental Principle of Information Security

End Point Security

What Is Your Risk Appetite? The Risk-IT Model

Developing Metrics for Effective Information Security Governance

Case Study - What Is Your Risk Appetite? The Risk-IT Model

Implementing Enterprise Security: A Case Study (Part 1)

Increasing Security Levels - The increasing use of technology has exposed individuals to security issues. As biometric devices become more widely used to protect valuable assets and minimize unauthorized access, the accounting profession must prepare for the impact that this is likely to have on audits.

Measuring and Improving IT Governance Through the Balanced Scorecard

Increasing Security Levels

Features - Securing Emerging Internet Applications - As the Internet has become more popular, the fundamental infrastructure of a seamless network no longer exists and no longer guarantees widely available and transparent communication. Using standard protocols requires coordination among multiple Internet administration points. Understanding these changes is the starting point to using the new Internet.

People, Portfolios and Processes: The 3P Model of IT Governance

Delivering Higher-quality Security Service Using Asset Identification in Resource-constrained Environments

Securing Emerging Internet Applications

Driving Value From Nonrevenue-generating Activities: Myths and Misunderstandings of Governance and Risk Management

IT Governance Hands-on: Using COBIT to Implement IT Governance

Dispelling and Construction of Social Accounting in View of Social Audit

Auditing Printer Security

Optimizing Controls to Test as Part of a Risk-based Audit Strategy

The Balanced Scorecard and IT Governance This article reflects research and observation by Wim Van Grembergen, Ph.D., a prolific writer on this topic. This article, as will be others in the future, emanated from workings of the ISACA IT Governance Institute

Features - The Balanced Scorecard and IT Governance - This article reflects research and observation by Wim Van Grembergen, PhD, a prolific writer on this topic. This article, as will be others in the future, emanated from workings of the ISACA IT Governance Institute

Fighting Security Breaches and Cyberattacks with Two-Factor Authentication Technology

Features - Fighting Security Breaches and Cyberattacks with Two-Factor Authentication Technology - In response to increasing attacks, companies should spend time planning a strategic layered defense that uses overlapping computer technologies to detect, react to and deter would-be hackers. The author recommends two-factor authentication, which matches who the user is with what the user has to ensure valid, reliable identification.

The Computer Forensics and Cybersecurity Governance Model

Key Elements of an Information Risk Management Program: Transforming Information Security Into Information Risk Management

Mac OS X: A Secure Platform and a Valuable Security Tool in a Distributed Network Environment

Siebel's eBusiness Application and Controls

Plus - CE Quiz #75, Based on Volume 6, 2000, E-commerce -- The Next Permutation

How Can Security Be Measured?

Siebel's eBusiness Application and Controls - This article will focus on the Siebel eBusiness application architecture and the control considerations related to the quality aspects security, integrity, auditability and controllability.

Enhancing IT Governance Through Enterprise Management Software Solutions

Features - Enhancing IT Governance Through Enterprise Management Software Solutions - Taking a different tack from the other articles, this one is centered on key features in most enterprise management software and vendors who offer these as specific products or in suites

Computer Forensics Technologies for Personally Identifiable Information Detection and Audits

Value of IT: Beyond the Theoretical

ERP Security and Segregation of Duties Audit: A Framework for Building an Automated Solution

Principles of IT Governance

Continuous Auditing Through Leveraging Technology

Usefulness of an Information Security Management Maturity Model

Plus - CPE Quiz #69

Choosing and Using Sarbanes-Oxley Software

Social Engineering: A Tip of the Iceberg - With the evolution of information technology towards constructive causes, antisocial elements have quickly followed and today one of the biggest problems faced by IT is hacking. Social engineering involves gaining sensitive information or unauthorized access privileges by building inappropriate trust relationships with insiders.

Red Teams: An Audit Tool, Technique and Methodology for Information Assurance

Social Engineering: A Tip of the Iceberg

CPE Quiz #87, based on volume 6, 2002

Return on Information Technology

Continuous Auditing From a Practical Perspective

Benchmark Yourself Against the Best in the World

CISAs and CISMs Working in Sync: How Their Individual Contributions Together Can Achieve Effective IT Risk Management

The Hidden Values of IT Risk Management

Deploying Wireless Technology-A Case for IT Governance

Deploying Wireless Technology -- A Case for IT Governance - The success of a wireless deployment depends on the appropriateness of the components selected from each of these categories. Furthermore, the mere investment in new technologies is not enough. Its success is reliant on its deployment through such frameworks as IT governance.

Information Security Policies and Controls for a Trusted Environment

Introduction to Voice-over IP Technology

The Auditor's Prerogative to Review Internal Controls

Achieving Privacy Through Security Measures

Value Chain Control -- An IT Control Approach That Puts Business in the Centre

CPE Quiz #99 - Based on volume 6, 2004

Wireless LAN Risks and Vulnerabilities - This article provides an overview of how wireless LANs work, while reviewing the risks, vulnerabilities and threats that affect wireless networks differently from their wired brethren.

Wireless LAN Risks and Vulnerabilities

CPE Quiz #106 - Based on Volume 6, 2005

CPE Quiz #117 - Based on Volume 6, 2007

CPE Quiz #93, based on volume 6, 2003

CPE Quiz #111 - Based on Volume 6, 2006

ISACA Bookstore Price List Supplement

Plus - ISACA Bookstore Offerings - Supplement

Plus - ISACA Bookstore Price List - Supplement