P


packet-filtering firewalls, 117

packets, 116, 131

Paraben's Device Seizure, 276

Paros Proxy, 221

partnership building, 19-20

attitude of collaboration and cooperation, 20

formal audit liaisons with different IT organizations, 19

getting invited to key meetings, 19

overview, 19

updates and meetings with IT management, 19

parts inventories, 109-110

Password File, Unix, 170

passwords, 174-176, 179, 257-258

controls, 122-123, 146-149

for databases, 236-238

for remote access, 75

for web server access, 211-212

patch-management solution, 142, 158, 241-242

Payment Card Industry (PCI) Data Security Standard, 346-347

PCI (Payment Card Industry) Data Security Standard, 346-347

PDIO (planning, design, implementation, and operations), 250

PEAP (Protected EAP), 269

peer reviews, 295

pendmoves tool, 139, 143

people, processes, tools, and measures (PPTM), 248

performance indicators and measurements, 65

performance-review processes, 70

permissions

database, 232-234, 236

file system, 169-170

personal information management (PIM) services, 265

personnel, of data centers, 103-105

PHI (protected health information), 332

PHLAK, 272

physical access-control, 90-92, 101-102

physical authentication devices, in data center, 91

physical facilities auditing, 21

physical risk scenario, 353

physical security controls, 160

physical threats, identifying, 362-363

PIM (personal information management) services, 265

PIPEDA (Canadian Personal Information Protection and Electronic Document Act), 341-342

plain-text.info utility, 149

planning, design, implementation, and operations (PDIO), 250

policy coverage, 68

positive filtering, 214

postimplementation audits, 8

power continuity, 85, 92-96

PPTM (people, processes, tools, and measures), 248

preimplementation opinions, 8

preventive controls, 34-35

prioritizing

new projects, 66

tasks, for projects, 295

privacy regulations

California SB 1386, 340-341

international privacy laws, 341-342

Canadian Personal Information Protection and Electronic Document Act (PIPEDA), 341-342

European Directive on the Protection of Personal Data, 341

overview, 341

trends, 342

Proactive Password Auditor utility, 149

process component threats, 363-364

process of audit. See audit process

processes around policies, 69

procexp tool, 139

program files, 227

programmers, duties of, 64

project approval or review process, 9-10

project auditing, 283-304

background, 284-286

basic approaches to project auditing, 285

high-level goals of project audit, 284

overview, 284

seven major parts of project audit, 286

detailed design and system development

master checklist, 303

test steps, 294-295

implementation

master checklist, 304

test steps, 298-300

knowledge base, 301-302

overall project management

master checklist, 302

test steps, 287-291

overview, 283

project startup, 302-303

project wrap-up

master checklist, 304

test steps, 301

requirements gathering and initial design, 291-294

testing

master checklist, 303

test steps, 296-298

training

master checklist, 304

test steps, 300-301

Protected EAP (PEAP), 269

protected health information (PHI), 332

protocols, secure, 194

proximity devices, in data center, 91

psfile tool, 152

psinfo tool, 139, 158-159

Pslist tool, 139

psservice tool, 139, 144

pstools, 141

Public Company Accounting Reform and Investor Protection Act. See Sarbanes-Oxley Act of 2002

PUBLIC permissions, 234-235

pwdump tool, 139



IT Auditing: Using Controls to Protect Information Assets
ISBN: B001TI1HNG
EAN: N/A
Year: 2004
Pages: 159
