1. IT Audit Methodologies IT Audit Methodologies

8. CobiT - Framework

26. BSI - Approach

49. CC - Security Concept

50. CC - Evaluation Goal

53. CC - Security Functional Classes Name Audit Communications Cryptographic Support User Data Protection Identification & Authentication Security Management Privacy Protection of TOE Security Functions Resource Utilization TOE (Target Of Evaluation) Access Trusted Path / Channels Class FAU FCO FCS FDP FIA FMT FPR FPT FRU FTA FTP

54. CC - Security Assurance Classes Name Configuration Management Delivery & Operation Development Guidance Documents Life Cycle Support Tests Vulnerability Assessment Protection Profile Evaluation Security Target Evaluation Maintenance of Assurance Class ACM ADO ADV AGD ALC ATE AVA APE ASE AMA

55. CC - Eval. Assurance Levels (EALs) *TCSEC = “Trusted Computer Security Evaluation Criteria” --”Orange Book” Name Functionally Tested Structurally Tested Methodically Tested & Checked Methodically Designed, Tested & Reviewed Semiformally Designed & Tested Semiformally Verified Design & Tested Formally Verified Design & Tested EAL EAL1 EAL2 EAL3 EAL4 EAL5 EAL6 EAL7 *TCSEC C1 C2 B1 B2 B3 A1

59. Comparison of Methods - Results CobiT 3.4 3.3 2.7 2.8 3.3 3.1 1.9 3.0 3.1 2.3 Standardisation Independence Certifyability Applicability in practice Adaptability Extent of Scope Presentation of Results Efficiency Update frequency Ease of Use BS 7799 3.3 3.6 3.3 3.0 2.8 2.9 2.2 2.8 2.4 2.7 BSI 3.1 3.5 3.0 3.1 3.3 2.7 2.6 3.0 3.4 2.8 ITSEC /CC 3.9 3.9 3.7 2.5 3.0 2.6 1.7 2.5 2.8 2.0 Scores between 1 (low) and 4 (high) - Scores for CobiT, BS7799, BSI from ISACA Swiss chapter; score for ITSEC/CC form H.P. Winiger

60. CobiT - Assessment

61. BS 7799 - Assessment

62. BSI - Assessment

63. ITSEC/CC - Assessment

65. Herzlichen Dank für Ihr Interesse an IT Audit Methodologies