Understanding I.S Security and I.S audit

IS security, or information security, refers to the protection of information systems against unauthorized access to or modification of information, whether in storage, processing, or transit, and against the denial of service to authorized users. It includes the measures necessary to detect, document, and counter such threats. It protects information, processes, and communication, and protects sensitive business information from invasion. Information security is intended to protect organizations against malicious attacks. The two primary types of attacks are active and passive. Active attacks are considered more difficult to prevent, while passive attacks are easier to prevent with strong security measures.

Difference between IS security and IT security:

Information security protects information, processes, and communication, whereas IT security is a component of information security that refers “only” to the protection of information on IT systems. In other words, IT security protects technical systems, such as hardware, software, and networks, from unauthorized access, cyberattacks, and other malicious activity. Thus, information security has a broader scope than IT security. The most commonly cited examples of IT security include digital security disciplines such as endpoint security, cloud security, network security, and application security. IT security also includes physical security measures, like locks, ID cards, and surveillance cameras, required to protect buildings and devices that house data and IT assets.

Information security (IS) audit:

An information security (IS) audit, also known as a security audit or cybersecurity audit, is a comprehensive evaluation of an organization’s security posture. It examines an organization’s security systems, data protection policies, and safety procedures to identify vulnerabilities and recommends areas for improvement to security measures.

Some things that might be flagged during a security audit include insufficient password complexity, inconsistent ACLs on folders*, non-existent or insufficient file activity auditing, and sensitive data not stored and protected correctly with encryption.

* An Access Control List (ACL) is a list of permissions that controls access to files and folders and determines what actions users can perform on them.
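As an added illustration (not part of the original post), the "inconsistent ACLs on folders" finding can be checked mechanically. The sketch below assumes POSIX permission bits stand in for ACLs; the function names and the sample folder tree are constructed for this example, and NTFS or extended ACLs would need platform-specific tooling.

```python
import os
import stat
import tempfile

def audit_folder_permissions(root):
    """Return findings for folders whose permission bits are broader than the parent's."""
    findings = []
    for parent, dirnames, _files in os.walk(root, followlinks=False):
        parent_mode = stat.S_IMODE(os.lstat(parent).st_mode)
        for name in sorted(dirnames):
            path = os.path.join(parent, name)
            if os.path.islink(path):
                continue  # symlinks carry no meaningful permissions of their own
            mode = stat.S_IMODE(os.lstat(path).st_mode)
            # Bits the child grants that its parent does not: an inconsistency.
            extra = mode & ~parent_mode & 0o777
            reasons = []
            if extra:
                reasons.append(f"grants {oct(extra)} beyond parent {oct(parent_mode)}")
            if mode & stat.S_IWOTH and not mode & stat.S_ISVTX:
                reasons.append("world-writable without sticky bit")
            if reasons:
                findings.append((os.path.relpath(path, root), oct(mode), reasons))
    return findings

def build_sample_tree():
    """Constructed sample tree: finance/ is locked down, finance/exports is not."""
    root = tempfile.mkdtemp(prefix="acl_audit_")
    os.chmod(root, 0o750)
    layout = {"finance": 0o750, "finance/reports": 0o750,
              "finance/exports": 0o777, "hr": 0o700}
    for rel in layout:
        os.mkdir(os.path.join(root, rel), 0o700)
    for rel, mode in layout.items():
        os.chmod(os.path.join(root, rel), mode)  # set exact bits, independent of umask
    return root

if __name__ == "__main__":
    for path, mode, reasons in audit_folder_permissions(build_sample_tree()):
        print(path, mode, "; ".join(reasons))
```

Only `finance/exports` is reported, because it is open to everyone while its parent folder is restricted to owner and group.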

A security audit may also be triggered by several events, like significant changes to IT infrastructure or systems, regulatory requirements, and a security breach or incident.

Benefits of IS audit:

The audit ensures the availability of the information system and the integrity and confidentiality of data, including reviewing system records, activities, and related documents and evaluating regulatory compliance.

Surendra Naik
