R


radio frequency identification (RFID) chips, 91

RAID (redundant array of inexpensive drives), 106

rating system, in audit reports, 302-303

rcrack utility, 149

reactive controls (corrective controls), 35

recommendation approach, to solution development, 46-47

recovery. See backup and recovery

redundant array of inexpensive drives (RAID), 106

redundant power feeds, 85, 94

regulations, 327-347

EU Commission and Basel II, 345

Gramm-Leach-Bliley Act (GLBA), 338-340

Federal Financial Institutions Examination Council (FFIEC), 340

overview, 338

requirements, 338-339

Health Insurance Portability and Accountability Act (HIPAA) of 1996, 342-345

impact on covered entities, 344-345

overview, 342

privacy and security rules, 343-344

legislation related to internal controls, 327-328

history of corporate financial regulation, 328

overview, 327

regulatory impact on IT audit, 327-328

overview, 327

Payment Card Industry (PCI) Data Security Standard, 346-347

privacy regulations

California SB 1386, 340-341

international privacy laws, 341-342

trends, 342

Sarbanes-Oxley Act of 2002, 328-338

considerations for companies with multiple locations, 332

core points of, 329-331

financial impact of Sarbanes-Oxley compliance on companies, 337-338

impact of third-party services on compliance, 332-333

impact on IT departments, 331-332

impact on public corporations, 329

overview, 328-329

specific IT controls required for compliance, 333-337

trends, 347

regulatory compliance, 38

regulatory threats, 362

relationship building, 17-20

learning to build partnerships, 19-20

attitude of collaboration and cooperation, 20

formal audit liaisons with different IT organizations, 19

getting invited to key meetings, 19

overview, 19

updates and meetings with IT management, 19

overview, 17-18

remote access, 75, 151, 188

remote journaling, 107

report drafting and issuance, 50-55

distributing audit report, 55

essential elements of audit report, 51-54

closed items, 54

executive summary, 51

key controls, 54

list of issues and action plans, 51-54

minor issues, 54

overview, 51, 54

statement of audit scope, 51

overview, 50-51

repudiation, 249

requirements

for audits, 300

for projects, 291-292

research time, 29

resource constraints, 12

Resource Kit tools, 138, 161

retention, data, 260-261

Retina Scanner, 154-155, 161

reuse of media, 77-78

RFID (radio frequency identification) chips, 91

.rhosts file, 182, 190-192

risk analysis, 351-355

common causes for inaccuracies in, 354-355

failure to identify assets, threats, or vulnerabilities, 354-355

inaccurate estimations, 355

overview, 354

elements of risk, 351-352

assets, 352

overview, 351

threats, 352

vulnerabilities, 352

overview, 351

risk management, 351-368

benefits of, 351

life cycle, 356-368

overview, 356

phase 1: identifying information assets, 356-359

phase 2: quantifying and qualifying threats, 359-364

phase 3: assessing vulnerabilities, 364-366

phase 4: control gap remediation, 366-367

phase 5: managing ongoing risk, 367-368

overview, 351

risk analysis, 351-355

common causes for inaccuracies in, 354-355

elements of risk, 351-352

overview, 351

practical application, 353-354

in practice, 354

summary of formulas, 368

risk-assessment processes, 69-70

risk-based audit scheduling, 12

rogue access points, 270

role of IT audit team, 20-23

information systems auditors, 22

IT auditors, 22-23

overview, 20-21

support for financial auditors, 22

root kits, 242

rotation of auditors, 27, 40

routers, 116, 129-130, 133

routing updates, authentication of, 129-130

rsop.msc tool, 139



IT Auditing. Using Controls to Protect Information Assets
ISBN: B001TI1HNG
EAN: N/A
Year: 2004
Pages: 159
