Federal Information System


The US Government Accountability Office publishes the Federal Information System Controls Audit Manual (FISCAM) [22], which prescribes a simple, three-step process for auditing information system controls and provides detailed guidance for evaluating and testing two major types of controls—general controls and business process application controls. General controls include five categories: security management, access control, configuration management, segregation of duties, and contingency planning. Business process application controls span four categories: application level general controls, business process controls, interface controls, and data management system controls. For each control category, FISCAM identifies critical elements considered essential to implementing adequate controls and achieving control objectives, as well as recommended control techniques and procedures for auditing each element. As a US government audit manual, the guidance in FISCAM conforms to the Government Auditing Standards (commonly known as the Yellow Book) [20] and to the audit standards specified by the AICPA.

As might be expected for a government audit manual, the primary intended use of FISCAM is to support audits of information systems performed in accordance with the Government Auditing Standards. Auditors or organizations not subject to these standards and not committed to some other control framework may find FISCAM guidance useful to help understand the general IT audit process and determine potential methods to use to test various information system controls.

The Federal Information Security Modernization Act of 2014 (FISMA 2014) updates the Federal Government's cybersecurity practices by:

  • Codifying Department of Homeland Security (DHS) authority to administer the implementation of information security policies for non-national security federal Executive Branch systems, including providing technical assistance and deploying technologies to such systems;
  • Amending and clarifying the Office of Management and Budget's (OMB) oversight authority over federal agency information security practices; and by
  • Requiring OMB to amend or revise OMB A-130 to "eliminate inefficient and wasteful reporting."


