Allgemeine Quellen zur IT-Revision und IT-Sicherheit

Bundesamt für Sicherheit in der Informationstechnik (BSI)
- IT-Grundschutz-Standards (Link)
  - BSI-Standard 100-1: Managementsysteme für Informationssicherheit (ISMS)
  - BSI-Standard 100-2: IT-Grundschutz-Vorgehensweise
  - BSI-Standard 100-3: Risikoanalyse auf der Basis von IT-Grundschutz
  - BSI-Standard 100-4 Notfallmanagement
- IT-Grundschutz-Kataloge (Link)
- Technische Richtlinie 03125 "Vertrauenswürdige elektronische Langzeitspeicherung" (TR-VELS, Link)

A-SIT Zentrums für sichere Informationstechnologie - Austria
- Informationssicherheitshandbuch (Link)

Bundesverband Informationswirtschaft, Telekommunikation und neue Medien e.V. (BITKOM)
- "Kompass der IT-Sicherheitsstandards" (Version 4.0, Downloadlink)

Defense Information Systems Agency (DISA)
- Security Technical Implementation Guides (STIGS) and Supporting Documents der Link)

Global Technology Audit Guides (GAIT) vom Institute of Internal Auditors (IIA)
- Information Technology Controls (PG GTAG-1)
- Change and Patch Management Controls: Critical for Organizational Success (PG GTAG-2)
- Continuous Auditing: Implications for Assurance, Monitoring, and Risk Assessment (PG GTAG-3)
- Management of IT Auditing (PG GTAG-4)
- Managing and Auditing Privacy Risks (PG GTAG-5)
- Managing and Auditing IT Vulnerabilities (PG GTAG-6)
- Information Technology Outsourcing (PG GTAG-7)
- Auditing Application Controls (PG GTAG-8)
- Identity and Access Management (PG GTAG-9)
- Business Continuity Management (PG GTAG-10)
- Developing the IT Audit Plan (PG GTAG-11)
- Auditing IT Projects (PG GTAG-12)
- Fraud Prevention and Detection in an Automated World (PG GTAG-13)