It Auditing: Using Controls to Protect Information Assets [IT AUDITING -OS N/D]

ISBN: B001TI1HNG
EAN: N/A

Year: 2004
Pages: 159

BUY ON AMAZON

Table of Contents
Back Cover
IT Auditing-Using Controls to Protect Information Assets
Foreword
Introduction
How This Book Is Organized
A Final Word to Our Readers
Part I: Audit Overview
Chapter 1: Building an Effective Internal IT Audit Function
Independence-The Great Myth
Consulting and Early Involvement-There s More to Being an Auditor than Auditing
Four Methods for Consulting and Early Involvement-Your Toolkit
Relationship Building-Partnering versus Policing
The Role of the IT Audit Team
Forming and Maintaining an Effective IT Audit Team
IT Professionals
Career IT Auditors versus IT Professionals-Final Thoughts
Maintaining Expertise
Relationship with External Auditors
Summary
Chapter 2: The Audit Process
Determining What to Audit
The Stages of an Audit
Standards
Summary
Part II: Auditing Techniques
Chapter 3: Auditing Entity-Level Controls
Test Steps
Knowledge Base
Master Checklist
Chapter 4: Auditing Data Centers and Disaster Recovery
Data Center Auditing Essentials
Auditing Data Centers
Neighborhood and Environment
Physical Access Control
Environmental Controls
Power Continuity
Alarm Systems
Fire Suppression
Surveillance Systems
Data Center Operations
Auditing Disaster Recovery
System Resiliency
Data Backup and Restore
Disaster Recovery Planning
Knowledge Base
Master Checklists
Chapter 5: Auditing Switches, Routers, and Firewalls
Network Auditing Essentials
Auditing Switches, Routers, and Firewalls
General Network Equipment Audit Steps
Additional Switch Controls-Layer 2
Additional Router Controls-Layer 3
Additional Firewall Controls
Tools and Technologies-Auditing Networking Equipment
Knowledge Base
Master Checklists
Chapter 6: Auditing Windows Operating Systems
Windows Auditing Basics
Performing the Audit
Windows Server Test Steps
Setup and General Controls
Review Services, Installed Applications, and Scheduled Tasks
Account Management and Password Controls
Review User Rights and Security Options
Network Security and Controls
Tools and Technology
Knowledge Base
Master Checklists
Chapter 7: Auditing Unix and Linux Operating Systems
Getting Around
Test Steps
Tools and Technology
Knowledge Base
Master Checklists
Chapter 8: Auditing Web Servers
Web Auditing Essentials
Auditing Web Platforms and Web Applications
Auditing Web Servers
Auditing Web Applications
Tools and Technologies
Knowledge Base
Master Checklists
Chapter 9: Auditing Databases
Database Basics
Performing the Audit
Tools and Technology
Knowledge Base
Master Checklist
Chapter 10: Auditing Applications
Generalized Frameworks
Best Practices
Performing the Application Audit
Master Checklists
Chapter 11: Auditing WLAN and Mobile Devices
WLAN and Mobile Device Auditing Essentials
Performing the Wireless LAN Audit
Performing the Mobile Device Audit
Additional Considerations
Tools and Technology
Knowledge Base
Master Checklists
Chapter 12: Auditing Company Projects
Test Steps
Testing
Implementation
Training
Project Wrap-up
Knowledge Base
Master Checklists
Part III: Frameworks, Standards, and Regulations
Chapter 13: Frameworks and Standards
COSO
CoBIT
ITIL
ISO 27001ISO 17799BS 7799
NSA INFOSEC Assessment Methodology
Frameworks and Standards Trends
References
Chapter 14: Regulations
The Sarbanes-Oxley Act of 2002
Gramm-Leach-Bliley Act
Privacy Regulations Such as California SB 1386
Health Insurance Portability and Accountability Act of 1996
EU Commission and Basel II
Payment Card Industry (PCI) Data Security Standard
Other Regulatory Trends
Chapter 15: Risk Management
Risk Analysis
IT Risk Management Life Cycle
Summary of Formulas
Index
B
C
D
E
F
G
H
I
J
K
L
M
N
O
P
Q
R
S
T
U
V
W
X
Y-Z
List of Figures
List of Tables