ISACA Produces New Audit and Assurance Programs for Data Privacy and Mobile Computing

Author: ISACA
Date Published: 18 December 2017

Rolling Meadows, IL, USA—Global business technology and information security association ISACA has released new audit and assurance programs within the data privacy, mobile computing, Secure Shell (SSH) Protocol, data management and software spaces.

To help facilitate an enterprise’s evaluation of mobile computing programs in the age of Bring Your Own Device (BYOD), the Mobile Computing Audit/Assurance Program covers risks associated with mobile computing across the following:

  • Governance
  • Remote access
  • Data loss
  • Malware
  • Incident response

The Data Privacy Audit/Assurance Program provides organizations with a means to assess the effectiveness of their practices around data governance for privacy. The program was created to share control objectives and controls in areas of data privacy, starting from data collection all the way through incident management.

Created to connect remote servers and clients more securely using encryption, authentication and other security mechanisms, Secure Shell (SSH) still has its share of vulnerabilities. Aimed at assisting enterprises running SSH for compliance and other operational initiatives, ISACA’s SSH Protocol Audit/Assurance Program is designed to assess areas that include:

  • Alignment of SSH configuration with enterprise SSH strategy and protocols
  • Policies and practices
  • Sufficient authentication and key management procedures to detect unauthorized access, misconfigured keys and other vulnerabilities

The objective of the Windows File Server Audit/Assurance Program is to ensure that auditors are mitigating network risks, enhancing operating-system security and providing administrator access based on the principle of least privilege, in an effort to ensure that data is properly stored and managed in Windows File servers. The audit program considers functionality across different versions of Windows File servers, taking into account potential risks and associated controls. The audit program provides a more in-depth look into the following:

  • Access control management
  • Network security
  • Incident management
  • Physical security

As software development continues to evolve and remain a vital part of IT, its methodologies must adapt to the changing technology landscape. Auditors must inform management on the effectiveness of software assurance governance, application development, verification and review, and deployment. Auditors will find guidance in the Software Audit/Assurance Program regarding the scope of review depending on business requirements. The program covers controls and testing steps associated with organizational governance and other process areas.

In the healthcare space, ISACA recently released the Health Insurance Portability and Accountability Act (HIPAA) Audit/Assurance Program for auditors to assist in evaluating processes, controls and policies internally related to protected health information (PHI) and HIPAA. Areas of focus in the program include but are not limited to:

  • Authentication
  • Access management
  • Continuous monitoring

Many companies are faced with “shadow IT”—technology systems and solutions used at an organization without the knowledge or approval of the organization’s IT department. The objective of the Shadow IT Audit/Assurance Program is to provide management with an evaluation of how effectively shadow IT is being governed, monitored and managed so that the risks associated with shadow IT can be assessed.

ISACA audit programs have been developed and reviewed by audit/assurance professionals worldwide and are accompanied by an Excel spreadsheet, customizable for each individual assurance process environment. They can be downloaded to allow customization that fits varying work environments. All programs are available for $25 to members and $50 for non-members, with the exception of the SSH Protocol program and the Shadow IT program, which are available at no cost to members and $50 for non-members.

For more information, please visit ISACA’s Audit and Assurance Programs page.

 

About ISACA

Nearing its 50th year, ISACA (kingpaq.com) is a global association helping individuals and enterprises achieve the positive potential of technology. Today’s world is powered by technology, and ISACA equips professionals with the knowledge, credentials, education and community to advance their careers and transform their organizations. ISACA leverages the expertise of its half-million engaged professionals in information and cyber security, governance, assurance, risk and innovation, as well as its enterprise performance subsidiary, CMMI Institute, to help advance innovation through technology. ISACA has a presence in more than 188 countries, including more than 215 chapters and offices in both the United States and China.

Twitter: http://twitter.com/ISACANews
LinkedIn: http://www.linkedin.com/company/isaca
Facebook: www.facebook.com/ISACAHQ
Instagram: http://www.instagram.com/isacanews