The role of the external auditor in assessing the security of information technology systems in light of (ISO/IEC 27001)

(Applied research on a sample of private banks)

Authors

  • Ragheb Fakhri Attia, University of Baghdad / Higher Institute for Accounting and Financial Studies
  • Asst. Prof. Dr. Mahmoud Ismail Mohammed, University of Baghdad / Higher Institute for Accounting and Financial Studies

Keywords:

private banks, external auditor, ISO/IEC 27001, banking information security technology

Abstract

This research aims to shed light on the need to establish an information security management system through which banking security risks are managed in light of the ISO/IEC 27001 standard. Through such a system, bank managements seek to demonstrate that they manage their security systems and controls in accordance with the specifications of the standard, in order to obtain an internationally recognized security certificate. The research also addresses the need of senior management in banks for an independent person with scientific and practical qualifications and accredited certificates in the field of information technology, who can help them verify the level of conformity between the policies and procedures applied and the policies described in the standard (ISO/IEC 27001). A checklist based on the specifications and procedures set out in the standard was adopted as the main tool for collecting and analyzing data and information for a sample of private banks. In light of the application process, a number of conclusions were reached, the most prominent of which is that the banks in the research sample failed to fulfill all the requirements and conditions of the standard (ISO/IEC 27001), and that there are weaknesses and imbalances in the security of the systems used to process data and information, which need to be identified and studied. The researchers made a number of recommendations, the most prominent of which is that bank managements should give greater attention to meeting quality requirements for the security of their information by meeting the information technology security reliability requirements contained in the standard (ISO/IEC 27001), and should seek external consultants and auditors specialized in the field of information security to carry out security checks of the systems applied in the bank.

Published

2020-12-29

Section

Paper research

How to Cite

The role of the external auditor in assessing the security of information technology systems in light of (ISO/IEC 27001): (Applied research on a sample of private banks). (2020). Journal of Accounting and Financial Studies (JAFS), 15(51), 99-112. https://jpgiafs.uobaghdad.edu.iq/index.php/JAFS/article/view/911