Volume 1, 2008 of Information Systems Control Journal

With apologies to
N.W.A’s Straight Outta Compton

The latest issue of Control came out. I have a hard time reading professional journals, although I know it’s in my best interest to do so, so I’m a skimmer. The contents of this specific issue can be found here: TOC. My main issue with most journals is that I prefer the “how to” type of article or hard data, and often you don’t get those. There are a few gems in this month’s journal that I think are worth reading and understanding. But first, I found this rather humorous…
The article “Measuring the Readability of Software Requirement Specifications” in the issue talks about how specs are too hard to read, and covers several tools that can help with readability as well as other means to make them easier to read and understand. Two of the tools available in Microsoft Word are F.K. Readability and F.K. Grade Level. The authors stress that these tools should only be used as part of making specs readable, not as the final determination of a good-quality spec; if used alone, the spec writer will likely still have a poor spec. In other words, they are a good tool for determining general direction and “clues” to poor documentation, but serious consideration needs to be given to having a more “holistic” tool available to improve specifications. Quickly put, F.K. Readability uses a score. The lower the score, the more difficult the text is to read, with 30 or lower equating to college-graduate level. F.K. Grade Level is a computation of the grade level. Out of curiosity, I cut and pasted the article into Word (realizing this is a journal, so I expected relatively difficult-to-read scores). Here is what I came up with.

I’m just saying…..
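The two Word statistics described above can be computed directly. The following is an added example (not from the article, and not Word’s own implementation) that applies the published Flesch Reading Ease and Flesch-Kincaid Grade Level formulas, with a simple syllable heuristic, to two constructed requirement sentences: a dense one and a plain rewrite. Word’s syllable counter differs, so its numbers will not match exactly.

```python
import re

# Flesch Reading Ease and Flesch-Kincaid Grade Level from the published formulas.
# Syllable counting is a heuristic (vowel groups minus common silent endings).
VOWEL_GROUPS = re.compile(r"[aeiouy]+")


def count_syllables(word: str) -> int:
    """Heuristic syllable count for one word."""
    w = re.sub(r"[^a-z]", "", word.lower())
    if not w:
        return 0
    n = len(VOWEL_GROUPS.findall(w))
    if n > 1 and w.endswith("e") and not w.endswith("le"):
        n -= 1  # silent final e: "resource" -> 2
    elif n > 1 and w.endswith("ed") and not w.endswith(("ted", "ded")):
        n -= 1  # "centralized" -> 3, while "restricted" keeps its 3
    return max(n, 1)


def text_stats(text: str) -> dict:
    """Word, sentence and syllable counts the two formulas need."""
    words = re.findall(r"[A-Za-z]+(?:'[A-Za-z]+)?", text)
    if not words:
        raise ValueError("text contains no words")
    sentences = max(len(re.findall(r"[.!?]+", text)), 1)
    syllables = sum(count_syllables(w) for w in words)
    return {"words": len(words), "sentences": sentences, "syllables": syllables}


def flesch_reading_ease(text: str) -> float:
    """Higher is easier; 30 or below is roughly college-graduate level."""
    s = text_stats(text)
    return 206.835 - 1.015 * (s["words"] / s["sentences"]) - 84.6 * (s["syllables"] / s["words"])


def fk_grade_level(text: str) -> float:
    """US school grade needed to read the text comfortably."""
    s = text_stats(text)
    return 0.39 * (s["words"] / s["sentences"]) + 11.8 * (s["syllables"] / s["words"]) - 15.59


# Constructed sample requirements (not taken from the article): dense vs. plain.
DENSE = ("The system shall authenticate all users via a centralized directory "
         "prior to authorizing access to any restricted resource.")
PLAIN = ("The system checks each user against the directory before it grants "
         "access to a restricted resource.")

if __name__ == "__main__":
    for label, req in (("dense", DENSE), ("plain", PLAIN)):
        print(f"{label}: ease={flesch_reading_ease(req):.1f} "
              f"grade={fk_grade_level(req):.1f} {text_stats(req)}")
```

The dense sentence scores around 19 on reading ease (below the 30 threshold the author mentions) and the plain rewrite around 48, which is the kind of directional clue the article says these tools are good for.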
OK, for the articles I LIKE… if you click on the link you will need an account with ISACA.org.
Practicing Information Technology Auditing for Fraud: this is a good article (with a boring name). One, lots of tables and pictures for simple guys like me. Two, it gives a good and simple methodology for determining fraud risk and applying controls. Short, sweet and simple.
Is Your Printer Betraying Your Business? Key items: networked printers have multiple services running on them that may be vulnerable to attack (IBM printers in particular had many services running), and networked printers have admin accounts that would allow someone to redirect a copy of all documents by enabling fax forwarding; these accounts have default passwords that many don’t change. There are more interesting items here; I suggest reading this article.
Lastly, Continuous Auditing Comes of Age is a good article looking to the future of audit management. I found it interesting to try to put this in the context of SAS70 audits. Continuous auditing means that data is constantly collected, and audits are then incremental over time rather than massive efforts at certain points. This can reduce cost and find problems while they are small instead of later, when the impact is cumulative. The article was directed at internal audit, but I could see a significant benefit for external audits like SAS70 as well, since the information/evidence should be much better and cleaner.