
List:       security-basics
Subject:    Paper - Audit Taxonomy
From:       "Craig Wright" <Craig.Wright () bdo ! com ! au>
Date:       2007-06-20 20:53:10
Message-ID: FE390886392A1F43BCF9FF279DA199742234E6 () nt03 ! bdonsw ! local

Hello,
A while back now I mentioned that I was going to write a definitive paper on audit
terminology. A few people asked me to forward this and I know a few people had been
looking to pick it apart ;). The paper is now released (a little later than
anticipated, but such is life).
It is titled:
"A Taxonomy of Information Systems Audits, Assessments and Reviews".
 
It is available directly from:
http://www.sans.org/reading_room/whitepapers/auditing/1801.php
 
Or via the SANS reading room at:
http://www.sans.org/reading_room/last.php     and
http://www.sans.org/reading_room/whitepapers/auditing/
 
The assertions made in the paper are validated experimentally in the second half of
the paper for those who enjoy a little math.
Regards,
Craig S Wright
 
Abstract:
Common misconceptions plague information systems audit as to the nature of security,
audit and assessment types and definitions. The dissertation aims at being a
definitive guide to define the terminology and detail the related methodologies
across the range of information assurance services. The idea is to not only detail
and define the types of audit, assessment inspections [etc], but to compare and
evaluate the various strengths and benefits of each in a simple and referential
critique that may remove an abstraction of error and confusion surrounding these
services. The paper will cover the types, history and basis for each type of service.
The paper statistically compares the strengths and weaknesses of each and sets out a
scientifically repeatable foundation for the deterministic nomenclature used in the
industry.

Craig Wright
Manager of Information Systems

Direct : +61 2 9286 5497
Craig.Wright@bdo.com.au
+61 417 683 914

BDO Kendalls (NSW)
Level 19, 2 Market Street Sydney NSW 2000
GPO BOX 2551 Sydney NSW 2001
Fax +61 2 9993 9497
www.bdo.com.au


