Please note
This corporate website is no longer updated very often, apart from the computer audit FAQ anyway. We are still writing white papers but mostly they are sold as part of the NoticeBored security awareness service. Please visit NoticeBored.com and ISO27001security.com for more free white papers and samples of our wares.
Our answers to Frequently Avoided Questions about IT Auditing give a somewhat tongue-in-cheek introduction to modern IT auditing for anyone unfamiliar with the specialism, including those who are about to be audited, who are considering a career in IT audit, who are interviewing candidates for IT audit positions, or are answering obscure questions on cryptic crosswords. Practicing IT auditors (as well as those who have mastered the art) will hopefully enjoy it and are very welcome to contribute to its continued development. It is tweaked every so often when either inspiration or boredom strikes, sometimes both at once.
Here’s some of the generous feedback from appreciative FAQ readers that always makes us smile and spurs us on to write more - thanks all:
- “Thanks!!!!! I am looking to make a career change from business analysis to IT Auditing/Information Security. I wanted to thank you for putting that kind of information out there. It was one of the best forms of information I found on this topic. I just want to say thanks for taking the time to do that for people like me.” (Thanks Denise and good luck with that ‘step up’.)
- “Good day Gary, I am Sam, from University of Nigeria, Nsukka. I just want to say I am very grateful for the material you put online on Computer Auditing. I am reading Electronic Engineering and I am writing a project on ICT Auditing. You have been quite resourceful Sir. Ah yes your sense of Humour, marvelous! Thank you very much.” (Best wishes Sam - study hard and you too may be writing FAQs one day.)
- “This was hilarious but the really funny thing is that I learned quite a bit. Great resources too. I am getting ready to do my first IT audit and don’t have a clue as to what I am doing so humor goes a long way when you are nervous as heck. Enjoyed this immensely!” (You flatter me! Good luck. Knock ‘em out kid.)
- “Your paper is brilliant and extremely hilarious; I could not get past page 14 - the Final Audit Report presented to auditees and the subsequent challenge...... simply LOVE it!!”
- “All I can say about this site is WOW. What a fantastic way to present such humdrum information. I have to give a briefing in a couple of weeks on IT Auditing to a group of Internal Auditors, and I will definitely be linking your website. I'll definitely be printing it out and passing it around, as it gives people something to do while trying not to fall asleep during the power point presentation. Thanks for your hard work!”
- “Hello Gary, a small feedback to congratulate you: I spent my evening reading your "Frequently Avoided Questions about IT auditing". I had great fun and got a lot of valuable information.”
- “Hi Gary, I have just read your CA FAQ and please accept my profound compliments on an excellent example of literary output. As a career IT auditor of some 25+ years and an ISACA Chapter President, I thoroughly endorse your comments and views. This was the most enjoyable read in a long while.”
- “I’ve just been ‘volunteered’ to be an auditor and your site has lifted the gloom a wee bit. Might make it to the weekend now! Thanks for the info and humour - great work.”
- “Thanks for the informative FAQs. I have surfed everywhere for information on Computer Auditing and your site is the best bar none. I am applying for a job as a computer auditor; although I do not have any formal audit qualifications I do have 20 years experience in IT and IT quality systems. Your FAQs have answered some of the concerns I have.”
- “What an entertaining (call the medics!) and informative read. I didn’t realise I did all that! Incredibly readable, if you can do that with auditing then you must be a star!” (No, not a star, just a bright spark maybe.)
- “During my audit career I have tried to bring humor to the process ...something between an uphill struggle and pushing a string. I have a co-worker who is interested in getting into this field and I have referred him to your FAQ.”
- “I would just like to pass on my thanks for “Frequently Avoided Questions about Computer Auditing”. The document is extremely informative and has helped to answer many questions that I have never been able to find the answers to! Furthermore, the humor throughout makes reading up on Computer Audit a real pleasure.” (Oh stop it, you’ll make me blush!)
- “Just wrote in to say I really enjoyed this FAQ you made. Great and impressive task. Now, it's easier to just link to this FAQ than to explain that ‘No, I don't do tax calculations, I'm an IT auditor.’ I'm an IT auditor of six years and though I've usually encountered being treated like the Ravenous Bugblatter Beasts of Traal, at least we're more palatable than Vogon Poetry... possibly.”
- “Thank you so much for your time and efforts and blood and sweat and tears and whatever else you spent in writing this ...”
- “I am a CPA from the Philippines and I just want to let you know that I spent my entire lunch break being entertained by your FAQs about IT auditors. I normally would not be interested in this subject, but something urged me to keep on reading, and I am glad I did. Although I still will not qualify as an IT Auditor (I am a tax auditor), I really enjoyed your FAQ, especially since, were it not for the hilarious bits of humor injected in the entire subject, it would otherwise have bored me to death, or near death.”
The value of information security awareness
Gary Hinson wrote a chapter on security awareness for the Handbook of Research on Social and Organizational Liabilities in Information Security, published in 2008 by IGI Global. OK it’s not exactly a white paper but it was an unpaid contribution to an academic book.
We wrote this white paper to elaborate on the broad business (commercial) benefits of implementing a standards-compliant Information Security Management System. It is a case study based on an IT services organization that installed an ISMS based on ISO/IEC 27002 and was certified against ISO/IEC 27001. [This case study has now been updated and republished at ISO27001security.com, along with a complementary paper: a generic cost-benefit analysis (business case) for ISO27k.]
Gary Hinson wrote a ‘state of the nation’ piece about IT auditing for EDPACS journal. The relevant issue of EDPACS has been made available as a free download to showcase this venerable peer-reviewed journal. [By the way, EDPACS is looking for comprehensive articles about IT audit and security, governance and risk management, and auditing in general. If you feel the urge to see your work in print, contact the EDPACS editor, Dan Swanson, or other members of the EDPACS editorial board.]
This short discussion piece draws analogies between the principles of QA and governance. It concludes by defending ISO/IEC 27002’s use of information security control objectives and control recommendations instead of mandating specific controls.
We reviewed Sean Convery’s textbook for those tasked with designing network security architectures. There are several more recent book reviews on our NoticeBored website.
This is a discussion paper proposing that the Executive Board should include someone responsible for directing those functions specifically associated with corporate governance, and co-ordinating governance activities distributed amongst senior and middle management and the rest of the organisation.
This paper presents a strategic programme to improve information security controls through a logical sequence of just six steps.
Feedback welcome! Please contact us to comment on or contribute to any of these papers.