Department of Defence
Information System Audit
Table of Contents
1. Introduction to Accreditation
2. The Information System Audit – Checklist
2.1. What is an Information System Audit?
2.2. Why is an Information System Certification needed?
2.3. Assessing an Information System’s Security Risks
2.4. Selecting an Information System’s Security Controls
3. Purpose of the Checklist
4. How to Use the Checklist
4.1. The Checklist Structure
4.2. Security Objectives
4.3. Guidance for IRAP Assessors
4.4. Information ...
© Australian Government 2011
This work is copyright. You may download, display, print and reproduce this material in unaltered form only (retaining this notice) for your personal, non-commercial use or use within your organisation. Apart from any use as permitted under the Copyright Act 1968, all other rights are reserved.
Assessment Details
Agency Name: ________________________________________________
Agency ITSA: _________________________________________________
IRAP Assessor: ______________________________________________
Date of IRAP Audit: ___________________________________________
Introduction to Accreditation
Government Agencies are required under the Protective Security Policy Framework (PSPF) to consider the security of their electronic information systems and to implement safeguards designed to adequately protect these essential systems.
The Defence Signals Directorate regularly issues the Australian Government Information Security Manual (ISM). This manual defines the Australian Government’s information security best practices and is designed to provide assistance with information security to State & Federal Government agencies.
An information security audit is conducted as part of the wider accreditation process. The aim of an information security audit is to review the information system architecture (including the information security documentation), assess the actual implementation and effectiveness of controls for a system and to...