ID Number: G00152216



The Top 10 Risk and Security Audit Findings to Avoid
2 October 2007
 
Paul E. Proctor  

A risk and security audit can be a major distraction and can result in the inappropriate use of resources. Enterprises should work proactively to avoid the most common audit findings.




Price: US$495.00

Pages: 9






Browse Topics


Other Options







Contact Gartner





Purchasing this document is fast, easy and secure, but you must be registered with gartner.com so we can track your order. Please select your status from these three choices:
Registration is required to purchase this document.
Or, you can register for gartner.com only.
 You or your organization may already own this document. Register now to find out. Your Gartner Membership Administrator can supply the needed License Key(s).
You will not lose your document during registration.
Sign in here:
Username:

Password:
Forgot your username
or password?







For more information about purchasing this or other documents, contact Gartner at one of the telephone numbers below:
North America:    +1 203-316-3010 7:30 am - 8:00 pm Stamford, CT
Europe:    +44 1784 267770 9:00 am - 5:00 pm London
Asia/Pacific:    +65 6879 2785 9:00 am - 6:00 pm Singapore
Japan:    +81 3 3481 3552 9:00 am - 5:30 pm Tokyo

Table of Contents


    
 Analysis

1.0
    
 Audit Findings: A Clear and Present Danger

1.1
    
 Understand the Auditing Landscape to Become a Better Negotiator
1.2
    
 A Proactive Approach to Governance, Risk and Compliance
1.3
    
 Types of Auditors

1.3.1
    
 Prescriptive (Traditional)
1.3.2
    
 Collaborative
1.4
    
 Types of Findings
2.0
    
 The Top Top-10 Risk and Security Audit Findings to Watch For

2.1
    
 Audit Finding No. 1: Data Classification
2.2
    
 Audit Finding No. 2: Change Management
2.3
    
 Audit Finding No. 3: Administrator Controls and Shared Accounts
2.4
    
 Audit Finding No. 4: Identity and Access Management
2.5
    
 Audit Finding No. 5: User Activity Tracking and Log Analysis
2.6
    
 Audit Finding No. 6: SOD in ERP Systems
2.7
    
 Audit Finding No. 7: Physical Access
2.8
    
 Audit Finding No. 8: Business Continuity Management and Disaster Recovery
2.9
    
 Audit Finding No. 9: Sourcing Controls and Partner Agreements
2.10
    
 Audit Finding No. 10: Education and Awareness




Browse Topics:
 
Security Risk Management
Regulatory Compliance
Security and Risk Management Roles
Security Process and Control Management




© 2007 Gartner, Inc. and/or its Affiliates. All Rights Reserved. Reproduction and distribution of this publication in any form without prior written permission is forbidden. The information contained herein has been obtained from sources believed to be reliable. Gartner disclaims all warranties as to the accuracy, completeness or adequacy of such information. Although Gartner's research may discuss legal issues related to the information technology business, Gartner does not provide legal advice or services and its research should not be construed or used as such. Gartner shall have no liability for errors, omissions or inadequacies in the information contained herein or for interpretations thereof. The opinions expressed herein are subject to change without notice.




Resource Id: 527933