A Brief Introduction to the Book System Audit
Textbook level: a national planning textbook of the "Eleventh Five-Year Plan" for general higher education, and a planning textbook for the information management and information systems specialty in national universities.

System category: organized and compiled according to the "National Information System Curriculum System of Colleges and Universities" approved by the Teaching Steering Committee of Management Science and Engineering Discipline of the Ministry of Education. It is synchronized with the course title in the ACM and IEEE/CS Computing Curricula 2005 in the United States: Audit, Control and Management of Information Systems.

Editor: Chen Geng, Lu

Publishing House: Tsinghua University Publishing House

Release date: 2014

Format: 16

Pricing: 44.50 yuan

Content Description: This book focuses on the three basic functions of modern information system auditing (auditing, control and management). For the audit function, the purpose and essence of audit are highlighted, and the material is organized by three basic audit types: authenticity audit, safety audit and performance audit. For the control function, it introduces all aspects of IT internal control with IT security as the core. For the management function, it is risk-oriented and revolves around IT risk management. The structure of this book is novel and unique; it is systematic and theoretical as well as practical and operable. Each book contains a case, which can be used to organize teaching around the case. It is suitable for undergraduate and graduate students majoring in information management, accounting, auditing, financial management, enterprise management and computer application in colleges and universities as teaching material or as a reference book. The book also provides a large number of practical forms that give work guidance to information system auditors, internal auditors, certified public accountants, management consultants, enterprise managers and other professionals. This is a practical reference book.

Contents of this book:

Part 1: General

Chapter 1 Overview of information system audit: 1.1 History of information system audit; 1.1.1 Early information system audit; 1.1.2 The formation of modern information system audit; 1.2 The concept of information system audit; 1.3 Information system auditing specification; 1.3.1 Information system auditing related organizations; 1.3.2 ISACA standard system; 1.3.3 Professional standards for auditors; Laws related to computer crime

Chapter 2 Implementation of information system audit: 2.1 Controlling audit risk; 2.1.1 What is audit risk; 2.1.2 Characteristics of audit risk; 2.1.3 Model of audit risk; 2.1.4 Evaluating inherent risk and controlling risk; 2.1.5 Determine the level of importance; 2.1.6 Control the risk of inspection; 2.2 Formulate; 2.3.2 Types of audit evidence; Adequacy of collecting evidence; 2.3.6 Appropriateness of collecting evidence; 2.3.7 Credibility of collecting evidence; 2.4 Function of compiling working papers; 2.4.2 Classification of working papers; 2.4.3 Precautions for compiling working papers; 2.4.4 Review of working papers; 2.4.5 Role of reports; 2.5.2 Specification of audit reports; 2.5.3 Format of audit reports; 2.5.4 Overview of evidence collection methods for matters needing attention

3.1.2 Forensic method; 3.2 Digital forensic method; 3.2.2 Digital forensic function; 3.2.3 Digital forensic method; 3.2.4 Digital forensic tool; 3.2.5 Digital forensic specification; 3.3 Database query method; 3.3.1 Database query tool; 3.3.2 Query sheet table; 3.3.3 Statistical sheet table; 3.3.4 Generate audit intermediate table; 3.3 Method 3 Bankruptcy - the turning point of information system audit

Chapter 4 Overview of authenticity audit: 4.1 Concept of authenticity audit; Meaning; 4.1.2 Content of authenticity audit; 4.1.4 Business process audit; 4.1.5 Financial processing audit; 4.1.6 Transaction activity audit; 4.1.7 Method of authenticity audit; 4.2 Management; 4.2.2 Characteristics of management information system; 4.2.3 Development of management information system; 4.2.4 Conceptual structure of management information system; 4.2.5 Hierarchy structure of management information system; 4.2.6 Architecture of management information system; 4.2.7 Hardware structure of management information system; 4.3 System process audit; 4.3.1 System process audit objective; 4.3.2 Concept of data flow diagram; 4.3.4 Drawing data flow diagram; 4.3.5 Analyzing logical relationship of data; 4.3.6 Finding audit trail

Chapter 5 Financial information system: 5.1.1 Development process of financial information system; 5.1.2 Functions of financial information system; A/P subsystem; 5.1.5 Salary management subsystem; 5.1.6 Fixed assets subsystem; 5.1.7 Impact of financial information system on audit; 5.1.8 Audit contents of financial information system; 5.2 Authenticity of financial processing; 5.2.1 Authenticity of general ledger subsystem; 5.2.2 Main functions of general ledger subsystem; 5.2.3 General ledger subsystem; 5.2.4 Data source of general ledger subsystem; 5.2.5 Initialization report; 5.3.2 Main functions of report subsystem; 5.3.3 Principle of automatic generation of processing flow table of report subsystem; 5.3.5 Audit of report subsystem

Chapter 6 Authenticity of trading activities: 6.1 E-commerce; 6.1.1 Concept of e-commerce; 6.1.2 Function of e-commerce; 6.1.3 E-commerce architecture; 6.1.4 E-commerce workflow; Construction of denial evidence; 6.3.3 Overview of non-repudiation agreement; 6.3.4 Security essence of non-repudiation agreement; 6.3.5 Week-Goldman Agreement

Case 2: "Infernal Affairs" in supermarket - fraud makes electronic data unreal

Part 3: Security Audit

Chapter 7 Security audit: Concept of security audit; Significance of security audit; 7.1.2 Security audit; 7.2 System security standards; 7.2.1 Trusted computer system evaluation criteria; 7.2.2 General criteria for information technology security evaluation; Security classification standard; 7.3 Physical security standard; 7.3.1 Data center security standard; 7.3.2 Storage equipment security standard

Chapter 8 Data security: 8.1 Data security; 8.1.2 Data confidentiality; 8.1.3 Data integrity; Data security audit; 8.3.4 Role-based access control; 8.4 Data integrity constraint; 8.4.1 Relationship between integrity and security; 8.4.2 Data integrity; 8.4.3 Integrity constraint; 8.4.4 Integrity constraint mechanism; 8.4.5 Statement of integrity constraint; 8.4.6 Implementation of integrity constraint

Chapter 9 Operating system security: 9.1 Security of operating system; 9.1.1 Concept of operating system; 9.1.2 Types of operating system; Security mechanism of operating system; Evaluation of system security; 9.2 Windows security mechanism; 9.2.1 Overview of Windows security mechanism; 9.2.2 Authentication; 9.2.3 Access control; 9.2.4 Encrypted file system; 9.2.5 Intrusion detection; 9.2.6 Event audit; Windows log management; 9.3 UNIX security mechanism; 9.3.1 UNIX security mechanism

Database security mechanism of database system; 10.2.1 Data backup strategy; 10.2.2 Database backup technology; 10.2.3 Database recovery technology; 10.2.4 Database audit function; Server audit function; 10.4.2 Server audit; 10.4.3 Database-level audit; 10.4.4 Audit-level audit; 10.4.5 Audit-related data dictionary view

Chapter 11: Computer network; Network architecture; Network protocol composition; Question; 11.2 Prevention of network intrusion; 11.2.1 Network intrusion problem; 11.2.2 Network intrusion technology

Effective Auditing

Chapter 12 Overview of IT performance auditing: 12.1 Concept of performance auditing; 12.1.1 Emergence of performance auditing; 12.1.2 Performance; Accounting object; 12.1.5 Classification of performance audit; 12.1.6 Methods of performance audit; 12.1.7 Evaluation criteria of performance audit

Time value of funds; 13.1.2 Some basic concepts; 13.1.3 Capital equivalent calculation; 13.2 Software cost estimation; Software cost estimation; 13.3 Project performance evaluation

Complexity of IT application evaluation; 14.1.1 Role of enterprise informatization; 14.1.2 ERP investment; 14.3.4 Use of balanced scorecard; 14.4 Construction of IT balanced scorecard; 14.4.2 Financial evaluation; Evaluation of indicator weight

Case 4: Xuji Company's ERP implementation failure - the role of performance audit

Chapter 15 Overview of IT internal control: 15.1.1 Internal control concept; 15.1.3 Importance of IT internal control; 15.1.4 Definition of IT internal control; 15.1.5 Standard of IT internal control; 15.2 Composition of IT internal control; Classification of IT internal control; 15.3 Design of IT internal control; 15.3.1 Control design principles; 15.3.2 Functions of IT internal control; 15.3.3 Design of control measures

Chapter 16 IT internal control application: 16.1 General control; 16.1.1 Overview; 16.1.2 Organizational control; Input control

17.2.4 System implementation stage; 17.2.5 System operation and maintenance stage; 17.2.6 Software asset control measures; 17.2.7 Software asset change control measures; 17.3 Software quality standard; 17.3.3 Software quality control measures

Case 5: Incidents - the end of traditional internal control

Part 6: Risk Management

IT risk management overview; 18.1.3 IT risk identification; 18.1.4 IT risk calculation; 18.1.5 IT risk treatment; 18.2.3 IT strategy formulation; 18.2.4 IT governance objectives; 18.2.5 IT governance committee; 18.2.6 CIO; 18.2.7 Internal IT audit; 18.3.4 Contents of IT management

Emergency response system; 19.2 Emergency preparedness; 19.2.1 Task summary; 19.2.2 Emergency response plan preparation; 19.2.3 Emergency response plan preparation; 19.3.1 Task summary; 19.3.2 Information security incident classification; 19.3.3 Information security incident determination; 19.3.4 Information security incident classification; 19.4 Emergency treatment; 19.5 Tracking improvement

Importance of business continuity; 20.1.2 Factors affecting business continuity; 20.1.3 Formulation of business continuity plan; 20.1.4 Business impact analysis; 20.1.5 Update of business continuity plan; 20.2 Construction of security system; 20.2.1 Principles of network security prevention; Security architecture; 20.2.3 IPSec security architecture; 20.2.4 Elements of Firewall Making Disaster Recovery Plan; 20.3.8 Establishing an effective disaster recovery system

Case 6: 911 event - IT risk to enterprises