The National Association of State Auditors, Comptrollers Treasurers Search Site Map Feedback Privacy Policy Contact Us

About NASACT
Washington Connection
NASACT Roster
News Center
Technical Updates
Information Security Audit
Members Only
Online Resources
NASACT Community
Conferences & Seminars
Home

Calendar of Events
Staff Directory
Survey Central
NASACT BookStore


Phase I Teams

The Framework team was charged with creating a strategy to assist states in developing information security audit functions. Work of this team concluded with the release of the Management Planning Guide for Information Systems Security Auditing dated December 10, 2001, at the NECCC Annual Conference. The guide is available at both the NECCC and GAO web sites.

The Training team was asked to identify common training needs and develop and implement a training program, including "hands-on" technical courses. This team facilitated the one-day training classes on the GAO FISCAM and on Advanced Security Vulnerability Testing in conjunction with the NSAA Middle Management/IT Conference. In addition, a training curriculum was included in the Management Planning Guide.

The Information Sharing team developed a process for sharing information, including best practices. This team continues to work with NASACT's web site consultant to finalize the member forums, a database, and a web page for sharing information.

The Pilot team strategized how to identify and perform joint information security audit pilots and report on results. The pilot team surveyed states and proposed Unemployment Insurance as a pilot project. Because the U.S. Department of Labor Inspector General has already contracted for work in this area, another project needs to be selected. Also the team identified potential obstacles to pilot audits that were incorporated into the Management Planning Guide.