Topic

Information security audit

About: Information security audit is a research topic. Over its lifetime, 2284 publications have been published within this topic, receiving 39973 citations.


Papers
Book
12 Dec 2002
TL;DR: Principles of Information Security, Third Edition builds on internationally recognized standards and bodies of knowledge to provide the knowledge and skills that information systems students need for their future roles as business decision-makers.
Abstract: Explore the field of information security and assurance with this valuable resource that focuses on both the managerial and technical aspects of the discipline. Principles of Information Security, Third Edition builds on internationally recognized standards and bodies of knowledge to provide the knowledge and skills that information systems students need for their future roles as business decision-makers. Coverage includes key knowledge areas of the CISSP (Certified Information Systems Security Professional), as well as risk management, cryptography, physical security, and more. The third edition has retained the real-world examples and scenarios that made previous editions so successful, but has updated the content to reflect technology's latest capabilities and trends. With this emphasis on currency and comprehensive coverage, readers can feel confident that they are using a standards-based, content-driven resource to prepare them for their work in the field.

911 citations

Proceedings ArticleDOI
10 Dec 2001
TL;DR: The author puts forward a contrary view: information insecurity is at least as much due to perverse incentives as it is due to technical measures.
Abstract: According to one common view, information security comes down to technical measures. Given better access control policy models, formal proofs of cryptographic protocols, approved firewalls, better ways of detecting intrusions and malicious code, and better tools for system evaluation and assurance, the problems can be solved. The author puts forward a contrary view: information insecurity is at least as much due to perverse incentives. Many of the problems can be explained more clearly and convincingly using the language of microeconomics: network externalities, asymmetric information, moral hazard, adverse selection, liability dumping and the tragedy of the commons.

792 citations

Journal ArticleDOI
TL;DR: Investigation of whether a management decision to invest in IS security results in more effective control of computer abuse indicates that security countermeasures that include deterrent administrative procedures and preventive security software will result in significantly lower computer abuse.
Abstract: Information security has not been a high priority for most managers. Many permit their installations to be either lightly protected or wholly unprotected, apparently willing to risk major losses from computer abuse. This study, based on the criminological theory of general deterrence, investigates whether a management decision to invest in IS security results in more effective control of computer abuse. Data gathered through a survey of 1,211 randomly selected organizations indicates that security countermeasures that include deterrent administrative procedures and preventive security software will result in significantly lower computer abuse. Knowledge about these relationships is useful for making key decisions about the security function.

767 citations

Book
01 Jan 2014
TL;DR: The new edition brings two new co-authors (Elder & Beasley) aboard, is available in two versions, and has a new Chapter 8 on "Client Business Risk," a heavy integration of information technology and e-commerce into every chapter and the assignment material, and new streaming videos from the text Web site featuring Al Arens introducing key auditing topics.
Abstract: The #1 market-leader now brings two new co-authors (Elder & Beasley) aboard! The new edition is available in two versions, has a new Chapter 8 on "Client Business Risk," a heavy integration of information technology and e-Commerce into every chapter and the assignment material, new streaming videos from the text Web site featuring Al Arens introducing key auditing topics. The package includes new casebooks, new practice sets, a Free case on Enron, new Excel manual, and on-line supplements!

663 citations

Journal ArticleDOI
TL;DR: It will be demonstrated that it is extremely difficult to audit human behaviour and so an alternative method to behavioural auditing needs to be found, where policing the employee is not necessary, but instead a softer, more informal approach is used to change the culture to a more information security conscious one.

446 citations


Network Information
Related Topics (5)
Business process
31.2K papers, 512.3K citations
76% related
Encryption
98.3K papers, 1.4M citations
75% related
Authentication
74.7K papers, 867.1K citations
75% related
Public-key cryptography
27.2K papers, 547.7K citations
75% related
Software development
73.8K papers, 1.4M citations
74% related
Performance
Metrics
No. of papers in the topic in previous years
Year    Papers
2023    14
2022    45
2021    3
2020    4
2019    6
2018    6