LAN auditing. See wireless local-area networks (LAN) auditing
LANs (local area networks), 115-116
layer 2 devices, 126
layer 3 switches, 115
LDAP, 171-172
leading projects, 28, 290-291
LEAP (Cisco-EAP Wireless), 269
learning, sources of, 29-30
certifications, 30
formal training, 29
knowledge sharing after training, 30
overview, 29
research time, 29
specialization, 29
learning ability, of IT auditors, 27
legal threats, 361-362
legal warning banner, 152, 195
legislation related to internal controls, 327-328
history of corporate financial regulation, 328
overview, 327
regulatory impact on IT audit, 327-328
licenses, software, 74-75
life cycle, risk management, 356-368
overview, 356
phase 1: identifying information assets, 356-359
assigning information criticality values to information assets, 359
defining information criticality values, 357
identifying business functions, 357-358
mapping information processes, 358-359
overview, 356-357
phase 2: quantifying and qualifying threats, 359-364
assessing business threats, 361-362
identifying process component threats, 363-364
identifying technical, physical, and administrative threats, 362-363
overview, 359-361
quantifying threats, 364
phase 3: assessing vulnerabilities, 364-366
categorizing control gaps by severity, 366
combining control gaps, 366
determining process component control gaps, 365
identifying existing controls, 365
overview, 364-365
phase 4: control gap remediation, 366-367
choosing controls, 366-367
implementing controls, 367
overview, 366
recalculating risk ratings, 367
validating new controls, 367
phase 5: managing ongoing risk, 367-368
creating risk baseline, 367-368
overview, 367
reassessing risk, 368
lighting of data centers, 88
Linux. See Unix and Linux operating systems auditing
local area networks (LANs), 115-116
location of data centers, 88
locks, cable, 160
logon auditing, 159
logs, 92, 124
audit logs
master checklist, 205
test steps, 196-199
wtmp log, 198
long-term technical planning, 65