One audit standard fits all?
Computer applications are constantly evolving, while web-based systems continue to grow in complexity. It is essential that these systems are properly secured at the server level as well as at the code or application level; Information Systems audit standards focused specifically on application and development measures therefore provide some of the most valuable information at an organization's disposal. System audits should be carried out before deployment of new and rebuilt systems, using a mix of outside consultants or security professionals as well as software solutions.
There is a reason that United States legislation is sectoral in nature, with laws drawn along industry lines. We see this in current regulations such as FISMA, which regulates federal government agencies, and the Gramm-Leach-Bliley Act, which regulates financial institutions. Schwartz (2009) argues that if we were to go against this approach and try to implement a non-sectoral set of regulations, “such a law would be difficult to amend, and would, therefore, become outdated as technological changes undermine such a statute’s regulatory assumptions.” If one set of regulations could ‘fit all’ industries, it would have to be very general and much less specific to the actual needs of the organizations affected. Likewise, it is not realistic to assume that an all-encompassing, non-industry-specific set of audit standards could be designed to work comprehensively with any organization.
- Bosworth, S., Kabay, M.E., & Whyne, E. (2009). Computer Security Handbook. Volume 2. Hoboken, NJ: John Wiley & Sons, Inc.
- HP. (2010). HP WebInspect Datasheet. Retrieved from http://www8.hp.com/us/en/software-solutions/software.html?compURI=1341991#.UTf0Fhxwp-0
- Schwartz, P. M. (2009). Preemption and Privacy. 118 Yale L.J. 902, 906–22 pt. I. Retrieved from http://www.ntia.doc.gov/comments/100402174-0175-01/attachments/preemption_and_privacy.pdf