"Auditing Information Systems", Mario Piattini, 2000, 1-878-28975-6,
%E Mario Piattini
%C 1331 E. Chocolate Ave., Hershey, PA 17033-1117
%I IRM Press/Idea Group
%O U$139.95 717-533-8845 fax: 717-533-8661 cust@...
%P 246 p.
%T "Auditing Information Systems"
Chapter one is a general overview of auditing, with few details.
COBiT is not being used as intended by the majority of purchasers, we
are told in chapter two. There is a rather random discussion of some
security (and some network) concepts in chapter three, which changes
format rather abruptly towards the end. Chapter four notes that
software maintenance has dangers and a structured process would help.
It also suggests a COBiT style list of objectives. All kinds of
things it would be nice to have in the perfect data warehouse are
described in chapter five. Chapter six looks at a few legal issues
with respect to information. The theme of chapter seven seems to be
that databases should do what they are supposed to. (I suppose Gene
Spafford could sympathize: his definition of a secure computer is one
that does what it is supposed to.) Chapter eight attempts to recreate
ISO 9000 as a COBiT table. Task analysis by another name (audit
function points) is described in chapter nine.
Even though the name of COBiT is repeatedly invoked in this book it is
really hard to say what it has to do with auditing.
copyright Robert M. Slade, 2002 BKAUINSY.RVW 20020825
rslade@... rslade@... slade@... p1@...
Find book info victoria.tc.ca/techrev/ or sun.soci.niu.edu/~rslade/
Upcoming (ISC)^2 CISSP CBK review seminars (+1-888-333-4458):
February 10, 2003 February 14, 2003 St. Louis, MO
March 31, 2003 April 4, 2003 Indianapolis, IN