Back Cover

Plan for and manage an effective IT audit program using the in-depth information contained in this comprehensive resource. Written by experienced IT audit and security professionals, IT Auditing: Using Controls to Protect Information Assets covers the latest auditing tools alongside real-world examples, ready-to-use checklists, and valuable templates. Inside, you'll learn how to analyze Windows, UNIX, and Linux systems; secure databases; examine wireless networks and devices; and audit applications. Plus, you'll get up-to-date information on legal standards and practices, privacy and ethical issues, and the CobiT standard.

Build and maintain an IT audit function with maximum effectiveness and value

• Implement best practice IT audit processes and controls
• Analyze UNIX-, Linux-, and Windows-based operating systems
• Audit network routers, switches, firewalls, WLANs, and mobile devices
• Evaluate entity-level controls, data centers, and disaster recovery plans
• Examine Web servers, platforms, and applications for vulnerabilities
• Review databases for critical controls
• Use the COSO, CobiT, ITIL, ISO, and NSA INFOSEC methodologies
• Implement sound risk analysis and risk management practices
• Drill down into applications to find potential control weaknesses

About the Authors

Chris Davis, CISA, CISSP, leverages his experience auditing IT systems for Texas Instruments. Mr. Davis has trained and presented in information security, advanced computer forensic analysis, and hardware security design. He actively teaches auditing and certification curriculum for Southern Methodist University and is the author and contributor to several books and publications. His contributions include projects and presentations for SANS, Gartner, Harvard, BlackHat, and 3GSM. He has enjoyed positions at Texas Instruments, Austin Microsoft Technology Center, and Cisco Systems. He holds a bachelor's degree in nuclear engineering technologies from Thomas Edison, and a master's in business from the University of Texas at Austin. Chris was a U.S. Navy submariner, and served on the deep dive Submarine NR-1 and the ballistic missile OHIO class USS Nebraska, SSBN 739, Blue Crew.

Mike Schiller, CISA, has 14 years of experience in the IT audit field, most recently as the worldwide IT audit manager at Texas Instruments(TI). Prior to that, Mike served as the IT audit manager at The Sabre Group, where he served as the company's first-ever IT audit manager, creating the IT audit function, team, and processes from the ground up. Mike also has several years of experience as a senior IT auditor, programmer/analyst, and manager of IT support teams. He is involved in multiple industry IT audit organizations and has been a presenter at IT conferences such as ASUG. In addition to his years of experience in corporate management, Mike is also heavily involved in leadership at his church, Richardson East Church of Christ. He has a bachelor's degree in business analysis from Texas A&M University.

Kevin Wheeler, CISA, CISSP, NSA IAM/IEM, is the founder and CEO of InfoDefense, an information security consultancy. Mr. Wheeler's project and employment portfolio includes organizations such as Bank of America, EDS, McAfee, Southern Methodist University and the State of Texas. He has performed information security audits and assessments as well as information security design, computer incident response, business continuity planning, and IT security training for both government and commercial entities in the financial services, healthcare, and IT services industries. He holds a bachelor of business administration degree from Baylor University and is an active member of ISSA, ISACA, Infragard, the North Texas Electronic Crimes Task Force, and Greater Dallas Chamber of Commerce.