Date Published: April 1988
Author(s)
Zella Ruthberg (NBS), Bonnie Fisher, William Perry, John Lainhart, James Cox, Mark Gillen, Douglas Hunt
This guide addresses auditing the system development life cycle (SDLC) process for an automated information system (AIS), to ensure that controls and security are designed and built into the system. The guide also presents a process for deciding which system to audit among an organization's universe of systems. It is directed toward mid-level ADP auditors having a minimum of two years' experience in ADP auditing, but can also be used by security reviewers and quality assurance personnel, and as a training tool for less experienced ADP auditors. ADP managers and system developers will also find it useful guidance on security and control issues. The guide is designed to provide audit/review programs for each major phase of the SDLC process and assumes a large sensitive system. The reader is expected to make appropriate modifications for small, less sensitive systems. The guide represents the results of the past four years of activities by the Electronic Data Processing (EDP) Systems Review and Security Work Group of the Computer Security Project within the President's Council on Integrity and Efficiency (PCIE).
Keywords
audit; computer security; SDLC; system development life cycle
Control Families
None selected