ISACA releases audit tools to ease compliance

Methodologies for managing Windows Active Directory, cloud, security and crises

Audit programmes to improve governance

Four new IT audit programmes have been developed by non-profit certification organisation ISACA.

The programmes cover cloud computing, crisis management, information security management and Windows Active Directory.

The cloud computing programme covers governance over cloud computing, the relationship between the service provider and customer, and specific control issues.

The crisis management programme focuses on pre-crisis planning; the scope of the plan, including the relevance of the crisis scenarios selected, the probability that the scenarios will occur, and appropriate responses; as well as testing, maintaining and aligning the plan with business risks.

The information security management programme features governance, policy, monitoring, incident management, implementing security configurations and selecting security technologies.

The Windows Active Directory programme covers Active Directory management, secure Active Directory boundaries, secure domain controllers, physical security of the domain controllers, configuration settings, and secure administrative practices.

“These audit programmes are valuable tools because they provide a template to help auditors worldwide complete specific assurance processes,” said Norm Kelson, lead author of the programmes. “They have been developed by a team of experienced assurance professionals from around the world, representing the latest global expertise, and are peer reviewed.”

The programmes are downloadable in Word format and can be customised to fit a specific operating environment. The audit programmes are free for ISACA members and £29 for non-members.