Federal Information System Controls Audit Manual (FISCAM)

Guidance issued by the Government Accountability Office with an abstract that begins "FISCAM presents a methodology for performing information system (IS) control audits of federal and other governmental entities in accordance with professional standards. This version supersedes the prior version, Federal Information System Controls Audit Manual: Volume I Financial Statement Audits, AIMD-12.19.6, January 1, 2001. The FISCAM is designed to be used primarily on financial and performance audits and attestation engagements performed in accordance with GAGAS, as presented in Government Auditing Standards (also know as the "Yellow Book"). The FISCAM is consistent with the GAO/PCIE Financial Audit Manual (FAM). Also, FISCAM control activities are consistent with NIST Special Publication 800-53 and all SP800-53 controls have been mapped to the FISCAM. The FISCAM, which is consistent with NIST and other criteria, is organized to facilitate effective and efficient IS control audits. Specifically, the methodology in the FISCAM incorporates the following: (1) A top-down, risk-based approach that considers materiality and significance in determining effective and efficient audit procedures; (2) Evaluation of entitywide controls and their effect on audit risk; (3) Evaluation of general controls and their pervasive impact on business process application controls; (4) Evaluation of security management at all levels (entitywide, system, and business process application levels); (5) A control hierarchy (control categories, critical elements, and control activities) to assist in evaluating the significance of identified IS control weaknesses; (6) Groupings of control categories consistent with the nature of the risk; and (7) Experience gained in GAO's performance and review of IS control audits, including field testing the concepts in this revised FISCAM.

Development of Information Technology Auditing Teaching Modules: An Interdisciplinary Endeavor between Seidenberg and Lubin Faculty

The original goals of the project were to develop interdisciplinary Information Technology (IT) Auditing teaching modules, to be integrated into courses offered by both Business and Information Technology disciplines during Fall 2009 and Spring 2010. IT Auditing is an interdisciplinary field which requires understanding audit, control, technology and security concepts in accordance with audit standards, guidelines, and best practices. Thus, IT Auditing requires interdisciplinary knowledge across IT and Accounting/Auditing domains. With increasing use of IT in business processes, the demand for IT Auditors is increasing rapidly, offering a lucrative career path. Acquiring IT Audit related knowledge and skills will help our students improve their career opportunities by exploring this growing field. Based upon the curriculum content areas of the CISA Exam as well as the ISACA Model Curriculum, we proposed the following three interdisciplinary teaching modules for IT Auditing: 1) IT Auditing Frameworks & Business Continuity; 2) IT Lifecycle Management & Service Delivery; and 3) Protection of Information Assets. We had developed the three teaching modules. Each individual module can be covered in one to two weeks. The entire set of three IT Auditing modules can then be covered in 3-4 weeks of class time. For each of the individual modules, we had developed presentation slides, reading lists and online quizzes based on the CISA Exam. We had also identified an overarching case study to be used throughout the three individual modules for continuity reasons

When to Utilize Software as a Service

Cloud computing enables on-demand network access to shared resources (e.g., computation, networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort. Cloud computing refers to both the applications delivered as services over the Internet and the hardware and system software in the data centers. Software as a service (SaaS) is part of cloud computing. It is one of the cloud service models. SaaS is software deployed as a hosted service and accessed over the Internet. In SaaS, the consumer uses the provider‘s applications running in the cloud. SaaS separates the possession and ownership of software from its use. The applications can be accessed from any device through a thin client interface. A typical SaaS application is used with a web browser based on monthly pricing. In this thesis, the characteristics of cloud computing and SaaS are presented. Also, a few implementation platforms for SaaS are discussed. Then, four different SaaS implementation cases and one transformation case are deliberated. The pros and cons of SaaS are studied. This is done based on literature references and analysis of the SaaS implementations and the transformation case. The analysis is done both from the customer‘s and service provider‘s point of view. In addition, the pros and cons of on-premises software are listed. The purpose of this thesis is to find when SaaS should be utilized and when it is better to choose a traditional on-premises software. The qualities of SaaS bring many benefits both for the customer as well as the provider. A customer should utilize SaaS when it provides cost savings, ease, and scalability over on-premises software. SaaS is reasonable when the customer does not need tailoring, but he only needs a simple, general-purpose service, and the application supports customer‘s core business. A provider should utilize SaaS when it offers cost savings, scalability, faster development, and wider customer base over on-premises software. It is wise to choose SaaS when the application is cheap, aimed at mass market, needs frequent updating, needs high performance computing, needs storing large amounts of data, or there is some other direct value from the cloud infrastructure.Siirretty Doriast

Air Traffic Management Abbreviation Compendium

As in all fields of work, an unmanageable number of abbreviations are used today in aviation for terms, definitions, commands, standards and technical descriptions. This applies in general to the areas of aeronautical communication, navigation and surveillance, cockpit and air traffic control working positions, passenger and cargo transport, and all other areas of flight planning, organization and guidance. In addition, many abbreviations are used more than once or have different meanings in different languages. In order to obtain an overview of the most common abbreviations used in air traffic management, organizations like EUROCONTROL, FAA, DWD and DLR have published lists of abbreviations in the past, which have also been enclosed in this document. In addition, abbreviations from some larger international projects related to aviation have been included to provide users with a directory as complete as possible. This means that the second edition of the Air Traffic Management Abbreviation Compendium includes now around 16,500 abbreviations and acronyms from the field of aviation

31th International Conference on Information Modelling and Knowledge Bases

Information modelling is becoming more and more important topic for researchers, designers, and users of information systems.The amount and complexity of information itself, the number of abstractionlevels of information, and the size of databases and knowledge bases arecontinuously growing. Conceptual modelling is one of the sub-areas ofinformation modelling. The aim of this conference is to bring together experts from different areas of computer science and other disciplines, who have a common interest in understanding and solving problems on information modelling and knowledge bases, as well as applying the results of research to practice. We also aim to recognize and study new areas on modelling and knowledge bases to which more attention should be paid. Therefore philosophy and logic, cognitive science, knowledge management, linguistics and management science are relevant areas, too. In the conference, there will be three categories of presentations, i.e. full papers, short papers and position papers