ISSAI Executive Summaries
ISSAI 5310 – Information System Security Review Methodology
The document is a guide for reviewing information system security (ISS) in government organisations. This overview aims to explain how methodology is organised and in what circumstances to use it.
|Level 4: Specific Auditing Guidelines - Guidelines on IT-audit|
Heads and Audit Directors of SAIs, External Governmental Auditors, Internal Auditors
The main objective of this guide is to assist SAIs that have such a mandate to review information system security programmes put in place by various government organisations. It can also be used by SAIs to set up comprehensive and cost effective security programmes covering key information systems in their own office.
This guide is not a detailed security audit guide: it is a description of a structured approach to assessing and managing risk in information systems.
Scope - Content:
The ISS Review Methodolgy Guide is written in 3 volumes:
Author - Committee:
INTOSAI EDP Audit Committee
Issued by INTOSAI EDP Audit Committee, October 1995
Related Documents - Executive Summaries:
Related Documents - ISSAI Full Versions:
Related Documents - Others:
INTOSAI Working Group on IT-Audit: Audit Publications