Automated machine compliance auditor (AMCA)
The process of examination and evaluation of an organization’s information technology infrastructure, operations, controls and policies is called an IT Audit. This process allows an organization to evaluate their current standing in terms of protection and integrity, availability and confidentiality...
Saved in:
| Main Author: | |
|---|---|
| Format: | text |
| Language: | English |
| Published: |
Animo Repository
2018
|
| Subjects: | |
| Online Access: | https://animorepository.dlsu.edu.ph/etd_masteral/6967 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| Institution: | De La Salle University |
| Language: | English |
| Summary: | The process of examination and evaluation of an organization’s information technology infrastructure, operations, controls and policies is called an IT Audit. This process allows an organization to evaluate their current standing in terms of protection and integrity, availability and confidentiality maintenance of an IT asset. On the other hand, a subtype of IT Audit is called a compliance audit. Compliance audit is the term used by security professionals and auditors as the process of evaluating if a given instance correctly follows the points specified in a certain compliance document. Majority of the compliance audit processes today are performed manually. These manual processes involve the manual mapping of an audit scan result to a compliance requirement or the manual identification of all IT asset and their current controls. As the number of IT assets to be audited increases, the more challenging it becomes in terms of compliance monitoring. To solve this problem, the study was able to develop compliance audit tool that enabled auditors of an organization to automatically link an audit scan result of an IT asset to a specific requirement of a compliance document for continuous compliance monitoring. The series of tests indicated on this study proved that the tool is capable of linking an audit scan result to a compliance requirement, creation of customized scans, automated configuration scanning of remote IT assets and has been validated by industry experts who participated on the study. |
|---|