C


cable locks, 160

California SB 1386, 340-341

Canadian Personal Information Protection and Electronic Document Act (PIPEDA), 341-342

capacity management, 105

capacity monitoring and planning, 78

card-key devices, in data center, 91

career IT auditors, 23-25

overview, 23-24

sources for, 24-25

CD (control deficiency), 352

ceilings, of data center, 91

Center for Information Security, 150

centralized IT functions, 37

CEO (chief executive officer), 4, 6, 63

CERT (Computer Emergency Response Team) notices, 188

certificates, server side, 213

certifications, 30

Certified Information Systems Auditor (CISA) certification, 23

Certified Information Systems Security Professional (CISSP) certification, 23, 30

CFO (chief financial officer), 4, 6

change management, 118-119, 274, 278-279, 288

change requests, for, 289

change-control documentation, 77

checkout of code, 259

chemical alarms, 85

chief executive officer (CEO), 4, 6, 63

chief financial officer (CFO), 4, 6

chief information officer (CIO), 7, 63

Chkrootkit, 201-202

chown command, 185

CIO (chief information officer), 7, 63

CISA (Certified Information Systems Auditor) certification, 23

Cisco-EAP Wireless (LEAP), 269

CISSP (Certified Information Systems Security Professional) certification, 23, 30

classification, data, 260-261

client/network libraries, 228-229

Clipbook utility, 145

closed items, in audit report, 54

CoBIT (Control Objectives for Information and Related Technologies), 38, 315-319

concepts, 316-317

connection with COSO, 319

IT governance, 318-319

overview, 315

website with information on, 79

code

checkout, modification, and versioning, 259

reviews, 220-221

testing, 260

collaboration, attitude of, 20

college hires, 25, 26

committee, audit, 4, 6

Committee of Sponsoring Organizations. See COSO

communication skills, of IT auditors, 27

communications method, security of, 269

Computer Emergency Response Team (CERT) notices, 188

configuration change management, 76-77

configuration files, backups for, 123

configuration management, 220

configuration values, 227-228

consultants

auditors as, 13

outside, 28

contractors, 28

contracts, with third-party services, 73

control deficiency (CD), 352

control gaps, 366-367

categorizing by severity, 366

choosing controls, 366-367

identifying potential controls, 366

overview, 366

rating controls by cost and effectiveness, 366-367

combining, 366

determining process component control gaps, 365

implementing controls, 367

overview, 366

recalculating risk ratings, 367

validating new controls, 367

Control Objectives for Information and Related Technologies. See CoBIT

control self-assessment (CSA) model, 17

controls

See also internal controls

entity-level, auditing, 61-81

background, 61-62

knowledge base, 79

master checklist, 80-81

overview, 61

test steps, 62-79

environmental controls, 92-93

facility-based, 84-85

access-control systems, 84

alarm systems, 84-85

fire-suppression systems, 85

overview, 84

physical access control, 90-92

conversion plan, for projects, 299-300

cooperation, attitude of, 20

core dumps, 129

corporate financial regulation, history of, 328

corrective controls (reactive controls), 34

COSO (Committee of Sponsoring Organizations), 308-315

definition of internal control, 309

enterprise risk management-integrated framework, 311-315

control activities, 314

COSO effect on IT controls, 315

definition of enterprise risk management, 312

event identification, 313

impact of COSO, 314-315

information and communication, 314

internal environment, 313

monitoring, 314

objective setting, 313

overview, 311-313

relationship with internal control-integrated framework, 314

risk assessment, 313

risk response, 314

internal control-integrated framework, 309-311

component relationships, 311

control activities, 310

control environment, 310

information and communication, 310-311

monitoring, 311

overview, 309-310

risk assessment, 310

website with information on, 79

key concepts of internal control, 309

overview, 308-309

cosourcing, 28

costs

of internal auditors, justifying, 7

tracking for projects, 290

Crack tool, 202

credibility, 19

crime rate, around data centers, 89-90

crontabs, 186-187

cross-site scripting (XSS) vulnerabilities, 216-217

CSA (control self-assessment) model, 17

customer steering teams, 72

customers, use of term, 20



IT Auditing: Using Controls to Protect Information Assets
ISBN: B001TI1HNG
Year: 2004
Pages: 159