JMeter, 221
job descriptions, 70
John the Ripper tool, 202
John utility, 149
kernel, security over, 184
key controls, in audit report, 54
kickoff meeting, 43-44
kismet, 272
Knoppix, 166, 272
knowledge sharing, 14-16
after training, 30
common issues, best practices, and innovative solutions, 15-16
control guidelines, 14-15
with
overview, 14
tools, 16
LAN auditing. See wireless
LANs (local area networks), 115-116
layer 2 devices, 126
layer 3 switches, 115
LDAP, 171-172
leading projects, 28, 290-291
LEAP (Cisco-EAP Wireless), 269
learning, sources of, 29-30
certifications, 30
formal training, 29
knowledge sharing after training, 30
overview, 29
research time, 29
specialization, 29
learning ability, of IT
legal threats, 361-362
legal warning banner, 152, 195
legislation
history of corporate financial regulation, 328
overview, 327
regulatory impact on IT audit, 327-328
licenses, software, 74-75
life cycle, risk management, 356-368
overview, 356
phase 1: identifying information assets, 356-359
assigning information criticality values to information assets, 359
defining information criticality values, 357
identifying business functions, 357-358
mapping information processes, 358-359
overview, 356-357
phase 2: quantifying and qualifying threats, 359-364
assessing business threats, 361-362
identifying process component threats, 363-364
identifying technical, physical, and administrative threats, 362-363
overview, 359-361
quantifying threats, 364
phase 3: assessing vulnerabilities, 364-366
categorizing control gaps by severity, 366
combining control gaps, 366
determining process component control gaps, 365
identifying existing controls, 365
overview, 364-365
phase 4: control gap
choosing controls, 366-367
implementing controls, 367
overview, 366
recalculating risk ratings, 367
validating new controls, 367
phase 5: managing ongoing risk, 367-368
creating risk baseline, 367-368
overview, 367
reassessing risk, 368
lighting of data centers, 88
Linux. See Unix and Linux operating systems auditing
local area networks (LANs), 115-116
location of data centers, 88
locks, cable, 160
logon auditing, 159
logs, 92, 124
audit logs
master checklist, 205
test steps, 196-199
wtmp log, 198
long-
MAC (media access control) addresses, 264, 272-273
man traps, 84, 91
management-response approach, to solution development, 47-48
mapping information processes, 358-359
MBSA (Microsoft Baseline Security Analyzer), 157, 159
media
disposal of, 77-78, 105-106
storage of, 105-106
transportation, storage, reuse, disposal, 77-78
media access control (MAC) addresses, 264, 272-273
meetings, with IT management, 19
Microsoft Baseline Security Analyzer (MBSA), 157, 159
Microsoft Database Engine (MSDE), 227
Microsoft Management Console (MMC), 152
Microsoft SQL Server, 226-227
middleware auditing, 21
minor issues, in audit report, 54
MIS Training Institute, 29
MMC (Microsoft Management Console), 152
mobile device auditing, 274-279
See also wireless
background, 265-266
knowledge base, 280
master checklists, 281
operational audit, 277-279
overview, 274-275
technical audit, 275-277
tools and technology, 279-280
modems, 195
modification of code, 259
monitoring procedures, 102-103
monitoring state of security on system, 153-154, 199-200
MSDE (Microsoft Database Engine), 227
MySQL, 226