Authors: Kamesh Namuduri
Addresses: Department of Electrical Engineering, University of North Texas, Denton, TX 76203, USA
Abstract: Compliance with industry standards is just the minimum requirement for auditing. A critical analysis of the requirements of compliance reveals that auditing for compliance purposes should not be viewed as a one-time or ad hoc effort; it needs to be done on a periodic basis. This paper argues that a comprehensive framework that goes above and beyond auditing is important and necessary for protecting information, which is the most valuable asset of an organisation. Continuous auditing allows us to monitor the organisational processes that are in place for information protection and take appropriate actions to rectify them in the most efficient manner. The information security management team needs to view compliance requirements from the perspectives of organisational strategy towards information assurance and of risk management in order to appreciate the benefits of compliance. This comprehensive view is important for every organisation that strives to improve its auditing process.
Keywords: continuous auditing; payment card industry; PCI; data security standards; DSS; information systems auditing; information security management; compliance requirements; risk management.
International Journal of Auditing Technology, 2013, Vol. 1, No. 1, pp. 45-51
Available online: 21 Feb 2013