In this section I offer a curated list of what I consider important, proven-quality books on IT and Systems Auditing.
Because it is updated constantly, check this page regularly.
Information technology auditing brings together a body of knowledge and business practices that is in constant flux, demanding continuous updating from professionals across the organization.
With renewed content and examples of the applicability and use of tools for IT audit work, it lays out the perspectives of information systems auditing, meeting academic and business needs for better management of computerized businesses.
The subject of Systems Auditing needs to be made accessible to several audiences: the auditor, the information security officer, the IT manager, and the business area itself, which wants to keep tighter control over its automated processes.
This work addresses, concretely and objectively, the main problem of some audit areas, namely the IT-trained systems auditor's lack of practical experience in the corporate environment, as well as its interrelation with the Corporate Governance process.
Based on international best practices, the book guides professionals with up-to-date information on the information technology audit life cycle.
Information is the most precious and strategic asset of the 21st century. The information age makes this asset available in a volume that is significant and unprecedented in history. Concern about threats to confidentiality, integrity and availability is also growing, and the subject is on the agenda of CIOs and CSOs of large corporations.
This work has been revised, updated and expanded to deepen the relationship between Software Engineering and Information Security, seeking to help the reader develop software that is potentially secure.
The book has four parts that explore the theme of Security and Auditing in Information Systems in depth. In simple, accessible language, it covers: Information Security in its broadest aspects, Security in the Context of Software Development, Information Systems Auditing, and Strategic Management of Information Security. It also includes a summary of the ISO/IEC 27002 and ISO/IEC 15408 standards.
Business management is the environment in which the administrative audit function operates, and its main purpose is decision-making from the perspective of changing the process or product to ensure organizational continuity.
Management auditing reviews the organization's strategy, tactics and operations, together with logistics and controllership. It takes place in both private and public entities, focusing on the current and future scenario. After this stage, two types of recommendation are produced: benefit recommendations, drawn up from the perspective of the user, customer or consumer of the product or service, and cost recommendations, which aim to minimize the use and consumption of resources or activities in the organization's business processes.
When auditing covers all of the organization's environments and technologies, it serves as continuous learning and lets the auditor act as a barometer of the practices and results the company experiences.
This work deals with: management, process and product auditing; audit techniques and procedures; internal control; operational and systems auditing; methods, techniques and applications of operational and systems auditing; and auditing of the information technology environment.
This book covers the concepts involved in access control, from technical issues to process-related ones.
It addresses audit processes and tools, logical access, auditing of computer networks, operating systems and applications, and also presents security tools such as firewalls, proxies, IDS and content filters, as well as risk management and business continuity.
The goal is to give an overview of the most important aspects of auditing and access control.
Through an approach that combines theory and normative and jurisprudential criteria with the author's practical experience in audits carried out by the Tribunal de Contas da União (TCU), the book Auditoria de TI: O Guia de Sobrevivência adopts direct language accessible to professionals from any background who, in some way, need to work with IT control and governance.
Its main objective is to guide auditors in carrying out audits in the area of information technology (IT), as well as to inform managers responsible for controls and for the compliance of IT processes.
The book covers the following topics, among others: the audit process; legislation and case law; IT governance and management; IT procurement; information security; information systems; data analysis; transparency and open data.
Be prepared to save your life and your business in the event of an incident or disaster. Have a professional "plan B".
Companies must analyze in detail the risk of stoppage in their critical business processes. That risk must be understood from a corporate point of view. We must then move on to Business Continuity Management to distribute responsibilities across the organization, thus keeping business processes running continuously.
An interruption in a critical business process can cause significant losses for your company.
Fully updated to cover leading-edge tools and technologies, IT Auditing: Using Controls to Protect Information Assets, Third Edition, explains, step by step, how to implement a successful, enterprise-wide IT audit program.
New chapters on auditing cybersecurity programs, big data and data repositories, and new technologies are included. This comprehensive guide describes how to assemble an effective IT audit team and maximize the value of the IT audit function. In-depth details on performing specific audits are accompanied by real-world examples, ready-to-use checklists, and valuable templates. Standards, frameworks, regulations, and risk management techniques are also covered in this definitive resource.
The new fifth edition of Information Technology Control and Audit has been significantly revised to include a comprehensive overview of the IT environment, including revolutionizing technologies, legislation, audit process, governance, strategy, and outsourcing, among others. This new edition also outlines common IT audit risks, procedures, and involvement associated with major IT audit areas. It further provides cases featuring practical IT audit scenarios, as well as sample documentation to design and perform actual IT audit work.
Filled with up-to-date audit concepts, tools, techniques, and references for further reading, this revised edition promotes the mastery of concepts, as well as the effective implementation and assessment of IT controls by organizations and auditors.
When it comes to computer security, the role of auditors today has never been more crucial. Auditors must ensure that all computers, in particular those dealing with e-business, are secure.
The only source for information on the combined areas of computer audit, control, and security, IT Audit, Control and Security describes the types of internal controls, security, and integrity procedures that management must build into its automated systems.
This very timely book provides auditors with the guidance they need to ensure that their systems are secure from both internal and external threats.
There are many webinars and training courses on Data Analytics for Internal Auditors, but no handbook written from the practitioner’s viewpoint covering not only the need and the theory, but a practical hands-on approach to conducting Data Analytics.
The spread of IT systems makes it necessary that auditors as well as management have the ability to examine high volumes of data and transactions to determine patterns and trends. The increasing need to continuously monitor and audit IT systems has created an imperative for the effective use of appropriate data mining tools.
This book takes an auditor from a zero base to an ability to professionally analyze corporate data seeking anomalies.
Operational Auditing: Principles and Techniques for a Changing World, 2nd edition, explains the proven approaches and essential procedures to perform risk-based operational audits. It shows how to effectively evaluate the relevant dynamics associated with programs and processes, including operational, strategic, technological, financial and compliance objectives and risks.
This book merges traditional internal audit concepts and practices with contemporary quality control methodologies, tips, tools and techniques. It explains how internal auditors can perform operational audits that result in meaningful findings and useful recommendations to help organizations meet objectives and improve the perception of internal auditors as high-value contributors, appropriate change agents and trusted advisors.
The 2nd edition introduces or expands the previous coverage of: (i) Control self-assessments; (ii) The 7 Es framework for operational quality; (iii) Linkages to ISO 9000; (iv) Flowcharting techniques and value-stream analysis; (v) Continuous monitoring; (vi) The use of Key Performance Indicators (KPIs) and Key Risk Indicators (KRIs); (vii) Robotic process automation (RPA), artificial intelligence (AI) and machine learning (ML); (viii) A new chapter that examines the role of organizational structure and its impact on effective communications, task allocation, coordination, and operational resiliency, so that organizations can respond more effectively to market demands.
Part of the Jones & Bartlett Learning Information Systems Security & Assurance Series!
The Second Edition of Auditing IT Infrastructures for Compliance provides a unique, in-depth look at recent U.S.-based information systems and IT infrastructure compliance laws in both the public and private sector.
Written by industry experts, this book provides a comprehensive explanation of how to audit IT infrastructures for compliance based on the laws and the need to protect and secure business and consumer privacy data. Using examples and exercises, this book incorporates hands-on activities to prepare readers to skillfully complete IT compliance auditing.
The Complete Guide to Cybersecurity Risks and Controls presents the fundamental concepts of information and communication technology (ICT) governance and control. In this book, you will learn how to create a working, practical control structure that will ensure the ongoing, day-to-day trustworthiness of ICT systems and data. The book explains how to establish systematic control functions and timely reporting procedures within a standard organizational framework and how to build auditable trust into the routine assurance of ICT operations.
The book is based on the belief that ICT operation is a strategic governance issue rather than a technical concern. With the exponential growth of security breaches and the increasing dependency on external business partners to achieve organizational success, the effective use of ICT governance and enterprise-wide frameworks to guide the implementation of integrated security controls is critical in order to mitigate data theft. Surprisingly, many organizations do not have formal processes or policies to protect their assets from internal or external threats.
The ICT governance and control process establishes a complete and correct set of managerial and technical control behaviors that ensures reliable monitoring and control of ICT operations. The body of knowledge for doing that is explained in this text. This body of knowledge process applies to all operational aspects of ICT responsibilities ranging from upper management policy making and planning, all the way down to basic technology operation.
The book provides the complete strategic understanding requisite to allow a person to create and use the RMF process recommendations for risk management.
This will be the case both for applications of the RMF in corporate training situations, as well as for any individual who wants to obtain specialized knowledge in organizational risk management.
It is an all-purpose roadmap of sorts aimed at the practical understanding and implementation of the risk management process as a standard entity. It will enable an “application” of the risk management process as well as the fundamental elements of control formulation within an applied context.
IT Auditing Defined will allow readers to grasp the key concepts of Information Technology Auditing and its many facets.
It aims to deliver significant experience to an individual who is interested in learning more about the “Execution” of performing IT Audits within the federal space and preparing a Federal Agency for an external audit.
It walks through the basics of Planning and Scoping, Test of Design, Test of Effectiveness, Workpaper documentation, NFR (Notice of Findings and Recommendations) preparation, and communication with upper management in order to remediate control gaps.
Step-by-step guide to successful implementation and control of IT systems including the Cloud.
Many auditors are unfamiliar with the techniques they need to know to efficiently and effectively determine whether information systems are adequately protected. Now in a Second Edition, Auditor’s Guide to IT Auditing presents an easy, practical guide for auditors that can be applied to all computing environments.
Contents: Follows the approach used by the Information Systems Audit and Control Association's (ISACA) model curriculum, making this book a practical approach to IS auditing. Serves as an excellent study guide for those preparing for the CISA and CISM exams. Includes discussion of risk evaluation methodologies, new regulations, SOX, privacy, banking, IT governance, COBIT, outsourcing, network management, and the Cloud.
As networks and enterprise resource planning systems bring resources together, and as increasing privacy violations threaten more organizations, information systems integrity becomes more important than ever. Auditor's Guide to IT Auditing, Second Edition empowers auditors to effectively gauge the adequacy and effectiveness of information systems controls.
As the power of computing continues to advance, companies have become increasingly dependent on technology to perform their operational requirements and to collect, process, and maintain vital data.
This increasing reliance has led information technology (IT) auditors to examine the adequacy of managerial control in information systems and related operations to assure necessary levels of effectiveness and efficiency in business processes. In order to perform a successful assessment of a business's IT operations, auditors need to keep pace with the continued advancements being made in this field.
IT Auditing Using a System Perspective is an essential reference source that discusses advancing approaches within the IT auditing process, as well as the tasks necessary to properly initiate, document, and complete an IT audit engagement. Applying the recommended practices contained in this book will help IT leaders improve IT audit practice areas to safeguard information assets more effectively, with a concomitant reduction in engagement area risks.
Featuring research on topics such as statistical testing, management response, and risk assessment, this book is ideally designed for managers, researchers, auditors, practitioners, analysts, IT professionals, security officers, educators, policymakers, and students seeking coverage on modern auditing approaches within information systems and technology.
Gain a thorough understanding of how modern audits are conducted in today’s computer-driven business environment with Information Technology Auditing, 4E.
You gain valuable insights into state-of-the-art auditing issues as this leading accounting text provides you with the background you need to succeed in today’s business world.
This edition focuses on the latest information technology aspects of auditing with up-to-date coverage of auditor responsibilities, emerging legislation, and today’s fraud techniques and detection. The book focuses on key information technology aspects of auditing, including coverage of transaction processing, Sarbanes-Oxley implications, audit risk, and the COSO control framework. Students review general and application control issues, the latest in fraud techniques and detection, today’s IT outsourcing issues and concerns, and modern enterprise system risks and controls.
Expanded end-of-chapter questions, problems, and cases give you important hands-on practice for success in your future career.
A comprehensive guide to understanding and auditing modern information systems.
The increased dependence on information system resources for performing key activities within organizations has made system audits essential for ensuring the confidentiality, integrity, and availability of information system resources. One of the biggest challenges faced by auditors is the lack of a standardized approach and relevant checklist. Understanding and Conducting Information Systems Auditing brings together resources with audit tools and techniques to solve this problem.
Featuring examples that are globally applicable and covering all major standards, the book takes a non-technical approach to the subject and presents information systems as a management tool with practical applications. It explains in detail how to conduct information systems audits and provides all the tools and checklists needed to do so. In addition, it also introduces the concept of information security grading, to help readers to implement practical changes and solutions in their organizations.
Today, information technology plays a pivotal role in financial control and audit: most financial data is now digitally recorded and dispersed among servers, clouds and networks over which the audited firm has no control. Additionally, a firm's data (particularly in the case of finance, software, insurance and biotech firms) comprises most of the audited value of the firm. Financial audits are critical mechanisms for ensuring the integrity of information systems and the reporting of organizational finances. They help avoid the abuses that led to passage of legislation such as the Foreign Corrupt Practices Act (1977) and the Sarbanes-Oxley Act (2002).
Audit effectiveness has declined over the past two decades as auditor skillsets have failed to keep up with advances in information technology. Information and communication technology lie at the core of commerce today and are integrated in business processes around the world. This book is designed to meet the increasing need of audit professionals to understand information technology and the controls required to manage it. The material included focuses on the requirements for annual Securities and Exchange Commission audits (10-K) for listed corporations. These represent the benchmark auditing procedures for specialized audits, such as internal, governmental, and attestation audits.
Using R and RStudio, the book demonstrates how to render an audit opinion that is legally and statistically defensible; analyze, extract, and manipulate accounting data; build a risk assessment matrix to inform the conduct of a cost-effective audit program; and more.
This book discusses various common occupational and organizational fraud schemes, based on the Association of Certified Fraud Examiners (ACFE) fraud tree, and assists fraud examiners and auditors in correctly choosing the appropriate audit tests to uncover those fraud schemes.
The book also includes information about audit test red flags to watch out for, a list of recommended controls to help prevent future fraud related incidents, as well as step-by-step demonstrations of a number of common audit tests using IDEA® as a CAATT tool.
Over the last few years, financial statement scandals, cases of fraud and corruption, data protection violations, and other legal violations have led to numerous liability cases, damages claims, and losses of reputation. As a reaction to these developments, several regulations have been issued: Corporate Governance, the Sarbanes-Oxley Act, IFRS, Basel II and III, Solvency II and BilMoG, to name just a few. In this book, compliance is understood as the process, mapped not only in an internal control system, that is intended to guarantee conformity with legal requirements but also with internal policies and enterprise objectives (in particular, efficiency and profitability).
The current literature primarily confines itself to mapping controls in SAP ERP and auditing SAP systems. Maxim Chuprunov not only addresses this subject but extends the aim of internal controls from legal compliance to include efficiency and profitability, and then well beyond, because a basic understanding of the processes involved in IT-supported compliance management is not delivered along with the software.
Starting with the requirements for compliance (Part I), he not only answers compliance-relevant questions in the form of an audit guide for an SAP ERP system and in the form of risks and control descriptions (Part II), but also shows how to automate the compliance management process based on SAP GRC (Part III). He thus addresses the current need for solutions for implementing an integrated GRC system in an organization, especially focusing on the continuous control monitoring topics.
Operational Assessment of IT presents ideas and concepts of optimization designed to improve an organization’s business processes and assist business units in meeting organizational goals more effectively. Rather than focus on specific technologies, computing environments, enterprise risks, resource programs, or infrastructure, the book focuses on organizational processes. Throughout the book, the author presents concerns and environments encountered throughout his career to demonstrate issues and explain how you, too, can successfully implement the tools presented in the book.
The assessment process reviews the economics as well as the effectiveness and efficiency of the process. Whether your organization is profit-based, not-for-profit, or even governmental, you cannot provide services or products at a continuous loss. For an operational assessment to be of value, its ultimate goal must be to ensure that the business unit process is effective and efficient and employs financial assets and resources appropriately, or to help the business unit make adjustments to improve the operation and use resources more efficiently and economically.
After reading this book, you will be able to devise more efficient and economical ways to meet your customers’ requirements, no matter who or where your customers are. You will learn that the goal of any process is to service or supply customers with what they want. The book provides tools and techniques that will assist you in gaining a 360-degree view of the process so that you can help the business unit improve the delivery of a quality product or a service to the customer.
This book illustrates the importance of business impact analysis, which covers risk assessment, and moves towards better understanding of the business environment, industry specific compliance, legal and regulatory landscape and the need for business continuity. The book provides charts, checklists and flow diagrams that give the roadmap to collect, collate and analyze data, and give enterprise management the entire mapping for controls that comprehensively covers all compliance that the enterprise is subject to have. The book helps professionals build a control framework tailored for an enterprise that covers best practices and relevant standards applicable to the enterprise.
Have you seen the other recommendations?
For easier navigation (and organization, of course), the book recommendations are separated by theme.
So consider visiting the others:
- Compliance, Risks, Controls and Auditing
- Cybercrime and Digital Law
- Personal Data Protection and Privacy
- Information Security and Cybersecurity
- Soft Skills, Leadership, Management and Innovation
Transparency: buying through the links on this page (which go to Amazon) does not change the price for the consumer, and the site earns a small commission on the sale of the book.