Posted by: Robert Davis
Following the framework outlined in IT Auditing: An Adaptive System, a critical aspect of an IT assessment is the identification of related risks. Though Wikipedia Project Administrators commonly disavow that their Internet endeavors are based on a Social Networking System (SNS), their activities appear to fit within an academically accepted definition of Social Media. Thus, there are application-inherent risks. “These risk areas are similar to those brought about by other IT, such as inefficiency, wasted investment, insufficient effectiveness and lost opportunity. But, it also has some unique risk areas, including public image damage created by negative comments and postings in social media venues.” Consequently, my first identified weakness, concerning the integrity sub-domain of identity management, was recorded on August 21, 2012.
Davis, Robert E. (2010). IT Auditing: An Adaptive System. Available from http://www.lulu.com/product/ebook/it-auditing-an-adaptive-system/18809075
Hanson, R. (2011, October 13). The Art of Dis-Connecting: Social Networking Risk Management. Presentation to the ISACA Perth Chapter. Converted PDF formatted material available at: www.isaca.org/chapters2/Perth/Documents/Social%20Networking%20Session%20-%20Rob%20Hanson.pdf
Singleton, T. (2012). What Every IT Auditor Should Know About Auditing Social Media. ISACA Journal, 5. Retrieved from: http://www.isaca.org/Journal/Past-Issues/2012/Volume-5/Pages/What-Every-IT-Auditor-Should-Know-About-Auditing-Social-Media.aspx