Frameworks for Audit of an Information System in Practice

Abstract

The IT function became the backbone of the company and the central driving force of the entire operations of an organization. Modern electronic commerce is very dependent on the quality of information system supported with information technology. Safety aspects of business and electronic transactions transfer (Internet-supported), particularly in the banking sector, require a more complex audit of the organization, both financial and the information system audit. This paper presents the basic and in practice most frequently applied standards and guidelines for checking of security controls in information systems. The work presents the COBIT and ITIL as the two most prevalent methodologies for quality audit of information systems with the presentation of two ISO 27000 series of standards on information security.