itors should have a good understanding of this standard in order to perform effective
audits.
Using access controls is one way of ensuring that data and systems are protected.
Users who are authorised to access systems are given user rights on a need-to-know
basis. Rights are usually based on job description and other necessary job roles.
Various technologies are used to protect IT systems, to the extent that many enterprises
employ staff dedicated to providing security services such as implementing and managing
security systems.
Enterprises should always be prepared to recover from incidents. Being prepared to
adequately handle incidents is part of cybersecurity, and enterprises are required to do
so by regulation or internally developed policies. IS auditors should review
cybersecurity regularly in order to ensure that the enterprise is protected. Auditors play a
critical role and should always provide advisory services to management on security
matters.
f) E-commerce
E-commerce is the buying and selling of goods and services on the Internet or other
computer networks. E-commerce is a very big industry, as many enterprises have moved
to it because it is a more efficient and less costly way to conduct business.
Enterprises conduct their business using websites or portals, which customers use to view
and place orders for the goods and services they want.
E-commerce, through the Internet, has enabled enterprises worldwide to sell their
products on the international market. This was not possible before e-commerce
became a reality. E-commerce generates a lot of data, and transactions worth billions
of dollars are conducted using this platform. Because of the many transactions being
conducted through e-commerce and high financial value, the industry has also
attracted hackers and other illegal business enterprises that often attack legitimate sites and
steal money and data.
IS auditors have an important role in protecting e-commerce operations by regularly
reviewing data security and protection of e-commerce infrastructure. IS auditors might
be required to review the following areas when auditing e-commerce infrastructure:
1. security for e-commerce sites
2. protection of clients' transactions
3. privacy for clients' personal data