Ontological framework for information system audit

Technology is evolving at an amazing pace and offering a vital benefit for businesses. On the other hand, it has also brought ever-increasing security threats. There is no agreed upon and well-suited security audit framework for tackling IT security challenges, and there is also no holistic approach for the audit process. Because of this lack of agreement, it is getting more challenging to monitor assets; confidentiality, integrity and availability (CIA); threats; vulnerability; risk; and control.
This article proposed 8 audit processes in 1 hierarchical framework to understand and design visualizations on the previously mentioned security concepts.
The following are a few of the benefits of using the framework:

• Provide a common understanding on concepts, definitions and approaches
• Create a common understanding of steps and processes
• Clearly show how you perform the audit
• Help managers follow along with the audit stages
• Demonstrate how ontological and hierarchical thinking simplifies tasks
• Increase efficiency and performance
• Improve skills of auditors and people in the area to manage security auditing process Build a common base for evaluation, monitoring, reporting, analyzing and training

After performing several audits, the researcher fined the framework quite helpful. Today, auditors are driven to perform risk-based audit. To identify risk-based IT auditable areasth is can be a difficult process, but this framework help to precede more on audit activity.
ISACA® Volume 5, Sep 2016: for your further reading please refer https://www.isaca.org/Journal/Blog/Lists/Posts/Post.aspx?ID=333

Author

Shemlse G/Medhin Kassa, CISA, MSCS, CEH
Is a Security, systems and IT audit professional in Ethiopia.