Managing Enterprise Information Integrity: Security, Control and Audit Issues

0 avg rating
( 0 ratings by Goodreads )
 
9781893209633: Managing Enterprise Information Integrity: Security, Control and Audit Issues
View all copies of this ISBN edition:
 
 

A limitation of today s control and assurance efforts, related to information integrity, is that the frameworks of the accounting and auditing profession have focused almost exclusively on financial information. As the focus of information integrity control and assurance efforts expands to other performance management and reporting information and decision-related information beyond financial information, a need arises for a comprehensive understanding of information integrity issues. The findings of this research, which are highlighted in the document, identify and validate the key dimensions of information integrity and key information integrity risk areas. Recommendations are provided throughout that will be of interest to data/information quality managers, assurance providers and acamadics. Some of the highlights of the publication include:

  • A set of definitions and distinctions to focus on the meaning of information integrity defined as representational faithfulness to the subject matter of the information and distinguish this concept from other conceptions about information quality
  • A framework idenfying four key attributes of information integrity (completeness, currency, accuracy and validity) and seven key enablers (security, availability, understandability, consistency, dependability, verifiability and credibility). This framework extends the professional literature which does not currently contain a comprehensive, generally accepted information integrity framework, as described more fully in this document.
  • A decomposition of system processing phases and system development life cycle phases that enables linking information integrity attributes and enablers to sources of error, and likewise linking countermeasures to specific information integrity attributes and enablers

"synopsis" may belong to another edition of this title.

Review:

Significant changes in internal and external environments are driven mostly by growing business dependence on reliable and accurate business information. Management has been responding to such changes through increased emphasis on quality of information used for decision making and financial reporting purposes. This book establishes an information integrity framework that can be used by management as part of its risk assessment and control implementation strategies. For information assurance service providers, this information integrity framework also serves as a general guideline that can be used to evaluate information integrity issues against well-defined criteria. The framework not only focuses on representational faithfulness or integrity of financial information but also on managerial and operational information quality.

The information integrity framework described in this book should be regarded as a significant contribution to the field of management science as it represents a first-ever study and attempt at developing an information integrity framework. Findings and conclusions about the information integrity framework identify four key attributes of information integrity and seven key enablers. They are supported and validated by a comprehensive study on the topic, which includes extensive literature reviews and workshops held among experienced professionals working in the field of information systems audit and control.

The book is comprised of 8 chapters and 5 appendices. The appendices provide several extracts from the COBIT control objectives and management guidelines as they relate to the information integrity attributes and enablers identified by the framework. Also contained in the appendices are details of the workshops that were held to validate the framework as well as a summary of recommendations on managing risks related to information integrity.

Chapters 1-3 provide, respectively, the executive summary of the research project to validate the information integrity framework, a set of definitions of terms presented in the book, and an introduction to the project background, scope and approach. The author makes an important statement that information integrity is a necessary component of the overall information quality concept.

Chapter 4 discusses the relationship between information integrity and other attributes of information quality in the areas of information relevance, reliability and usability. The author emphasizes the importance of achieving a balance between the costs of attaining information integrity and the benefits of doing so.

In Chapter 5, the author sets out to determine the four core attributes or qualities of information integrity, as well as the seven factors that are not only critical but also necessary to enable these core attributes. The author finds that all of the core attributes are necessary for a given information item to have information integrity.

Chapter 6 discusses the consequences of information integrity impairment and the relationship between these consequences and the risk of information integrity impairments. A list of various IT features that create information integrity risks is presented in this chapter also. Detailed analysis of information integrity impairment risks by information processing phases can be a valuable resource to IS audit and control practitioners.

Chapter 7 presents analysis of COBIT's control objectives against the information integrity attributes and their enablers as discussed in the previous chapters. Based on the results of this analysis, several specific enhancements to COBIT's control objectives are suggested.

This book is a valuable contribution to the scarce literature on a comprehensive yet practical information integrity framework.

--Sod Chuluunbaatar, CISA, CIA, CISSP, Security+ - ISACA Journal Volume 6, 2005

"About this title" may belong to another edition of this title.

(No Available Copies)

Search Books:



Create a Want

If you know the book but cannot find it on AbeBooks, we can automatically search for it on your behalf as new inventory is added. If it is added to AbeBooks by one of our member booksellers, we will notify you!

Create a Want