skip navigation

PUBLICATIONS

Register for Latest Research

Stay Informed
Register with NCJRS to receive NCJRS's biweekly e-newsletter JUSTINFO and additional periodic emails from NCJRS and the NCJRS federal sponsors that highlight the latest research published or sponsored by the Office of Justice Programs.

NCJRS Abstract

The document referenced below is part of the NCJRS Virtual Library collection. To conduct further searches of the collection, visit the Virtual Library. See the Obtain Documents page for direction on how to access resources online, via mail, through interlibrary loans, or in a local library.

 

NCJ Number: 66843 Find in a Library
Title: INTERNAL AUDITOR'S INFORMATION SECURITY HANDBOOK
Author(s): B J WILKINS
Corporate Author: Institute of Internal Auditors, Inc
United States of America
Date Published: 1979
Page Count: 124
Sponsoring Agency: Institute of Internal Auditors, Inc
Altamonte Springs, FL 32701
Sale Source: Institute of Internal Auditors, Inc
249 Maitland Avenue
Altamonte Springs, FL 32701
United States of America
Language: English
Country: United States of America
Annotation: THIS HANDBOOK PROVIDES A COMPREHENSIVE INFORMATION-SECURITY PROGRAM, CHECKLISTS, AND AN AUDIT APPROACH TO ASSESSING THE EFFECTIVENESS OF THE INFORMATION-SECURITY PROGRAM WITHIN AN ORGANIZATION.
Abstract: THE SCOPE OF THE HANDBOOK IS LIMITED TO INFORMATION SECURITY, THE PREVENTION OF INFORMATION FROM BEING DISCLOSED TO AN UNAUTHORIZED RECIPIENT. THE INTERNAL ADUITOR MUST HELP MANAGEMENT ENSURE THAT ITS CONFIDENTIAL INFORMATION IS PROTECTED. THE HANDBOOK PRESENTS AN ANALYSIS OF INFORMATION-SECURITY EXPOSURES AND DISCUSSES ALTERNATIVE CONTROLS, SOLUTIONS, AND AUDIT APPROACHES. THE BOOK NOTES THAT (1) AN ORGANIZATION'S INFORMATION-SECURITY PROGRAM IS BASED ON ITS IDENTIFICATION AND CLASSIFICATION SYSTEM AND REQUIRES THE INVOLVEMENT OF ALL EMPLOYEES, (2) THE CLASSIFICATION CATEGORY DETERMINES HOW MUCH PROTECTION THE INFORMATION WILL BE AFFORDED, AND (3) SECURITY CONTROLS AND PROCEDURES MUST BE CONSISTENT WITH THE VALUE OF THE INFORMATION BEING PROTECTED, IT IS POINTED OUT THAT DATA SECURITY MUST BE PROPERLY INTEGRATED INTO A COMPANY'S TOTAL INFORMATION-SECURITY PROGRAM FOR THE PROGRAM TO BE EFFECTIVE. THE BOOK INCLUDES AN INFORMATION-SECURITY AUDIT GUIDE AND EVALUATION TABLE FOR CONDUCTING AUDITS, AS WELL AS 20 CHECKLISTS WHICH ORGANIZATIONS CAN USE TO DEVELOP INFORMATION-SECURITY PROGRAMS OF THEIR OWN. TABLES, FOOTNOTES, AND A BIBLIOGRAPHY OF ABOUT 40 REFERENCES ARE INCLUDED, AS WELL AS A POCKET CHECKLIST FOR INFORMATION SECURITY. (PRG)
Index Term(s): Audits; Computer crime prevention measures; Computer privacy and security; Data security
To cite this abstract, use the following link:
http://www.ncjrs.gov/App/publications/abstract.aspx?ID=66843

*A link to the full-text document is provided whenever possible. For documents not available online, a link to the publisher's website is provided. Tell us how you use the NCJRS Library and Abstracts Database - send us your feedback.