The information system audit is an important review process for any organization. Information system audit is essential to identify any venerability in information technology infrastructure. In this work, information system audit process was studied in Indian context and proposed a refine framework for the information system audit process to overcome the deficit in present auditing process. The proposed framework covers important aspect of information system audit such as security environment, website security auditing, software code security, network security, physical security, organization and administration aspects etc. Further, a case study on information security audit in the small a small business enterprise was performed. The systematic review and the report of audit process are reported based on the case study. Finally, some sensitive managerial issues and findings of an awareness survey of information security were presented.

Information security management, information system security audit, data framework and applied model

[1] H Botha and J A Boon, “The information Audit: Principle and Guidelines”, Libri 53, pp. 23-38, 2003.
[2] Manual of Information Technology Audit, Office of the Comptroller and Auditor General of India, Vol 1 & 2, 2014.
[3] Information security audit (IS audit) - A guideline for IS audits based on IT-Grundschutz - German Federal Office for Information Security 2008 – Version 1.0
[4] National Audit Office of Finland - Auditor General Manual - Finland Registry no. 23/01/2015
[5] Coordinated Audit of Information Technology Security (with Shared Services Canada), Govt of Canada. https://www.canada.ca/en/treasury-board-secretariat/corporate/reports/coordinated-audit-information-technology-security.html [Last access on 14/04/2019]
[6] D M Chudasama, L K Sharma, N C Solanki, Priyanka Sharma , " A Comparative Study of Information Systems Auditing in Indian Context" , IPASJ International Journal of Information Technology (IIJIT) , Volume 7, Issue 4, April 2019 , pp. 020-028.
[7] Coordination for Website security audit [Go daddy-Website Domain Hosting]] https://www.godaddy.com/garage/how-to-do-your-own-website-security-audit/[Last access on 21/04/2019
[8] SSH standard and detailed technical documentation [SSH.com] https://www.ssh.com/ssh/protocol/[Last access on 21/04/2019]
[9] Coordination For Performing software code & security audit [Vera code] https://www.veracode.com/security/software-audit[Last access on 21/04/2019
[10] Coordination for Network Security audit [swissns] https://www.swissns.ch/site/2016/09/5-steps-of-performing-a-network-security-audit/[Last access on 21/04/2019
[11] Coordination for Network Security audit [Consolidated Technology Inc.] https://consoltech.com/blog/business-network-security-audit-say-yes/[Last access on 21/04/2019
[12] Coordination for Physical Security audit [Imgram] https://imaginenext.ingrammicro.com/Trends/November-2017/The-4-Step-Physical-Security-Audit[Last access on 21/04/2019
[13] Coordination for Physical Security audit [kisi blog] [Last access on 22/04/2019] https://www.getkisi.com/blog/physical-security-assessment-problems-it-can-uncover
[14] Coordination for Organization and administration audit [Smart data collective][https://www.smartdatacollective.com/4-easy-steps-conduct-security-audit-company/Last access on 23/04/2019]
[15] Coordination for small business preparing case study audit [Sans Institute] https://www.sans.org/reading-room/whitepapers/casestudies/case-study-risk-audit-small-business-1243 [Last access on 23/04/2019]
[16] Coordination for small business preparing case study audit, Concordia University, https://users.encs.concordia.ca/~clark/courses/1501-6150/scribe/L09b.pdf [Last access on 23/04/2019]