Article review

1. Introduction

In the paper of Suduc, Bizoi and Filip (2010), after introducing current IT security risks and several audit standards, the authors suggest two main audit plans for information system security. In another paper (Suresh 2009), the author points out an issue in information governance: many executives do not pay enough attention to information controls. In addition, the author recommends COBIT as a good audit framework for IT governance.

2. Analysis
In the paper of Suduc, Bizoi and Filip (2010), there are three things that need to be pointed out. First of all, the figures give unambiguous support for the points made in the paper; the authors use many figures from varied references to support their ideas. Second, the authors detail six IT audit standards, which are good principles for practice in the audit process. In particular, they give deeper insight into the relationship between the control clauses in the ISO standards. The last and most significant point is that they suggest two audit processes for IS security. These two processes can be treated as good action plans in practice and can be cited as excellent references for many IT companies.
However, this paper has some weaknesses as well. For example, the authors divide IS risks into two categories, physical and logical risks, but they do not provide proper evidence to support this division. Furthermore, if the authors gave more comparison between the two audit processes, the paper would be clearer and easier to implement.
In the paper of Suresh (2009), the most important issue mentioned by the author is the implementation of the information audit. Like cooking in different places, the results can become disparate if executives treat the information audit differently. However, it should be noted that the author recommends COBIT as an overall framework which can largely enhance the effectiveness of governance procedures. Additionally, COBIT can be used in combination with other standards such as ISO 20000. In this paper, the author illustrates how to combine COBIT with other standards in practice, which is also the biggest advantage of this paper.
These two papers