IT Auditing: Using Controls to Protect Information Assets
Published on 16. February 2007
Book
Paperback/Softback
387 pages
978-0-07-226343-5 (ISBN)
Description
Protect Your Systems with Proven IT Auditing Strategies "A must-have for auditors and IT professionals." -Doug Dexter, CISSP-ISSMP, CISA, Audit Team Lead, Cisco Systems, Inc.
Plan for and manage an effective IT audit program using the in-depth information contained in this comprehensive resource. Written by experienced IT audit and security professionals, IT Auditing: Using Controls to Protect Information Assets covers the latest auditing tools alongside real-world examples, ready-to-use checklists, and valuable templates. Inside, you'll learn how to analyze Windows, UNIX, and Linux systems; secure databases; examine wireless networks and devices; and audit applications. Plus, you'll get up-to-date information on legal standards and practices, privacy and ethical issues, and the CobiT standard.
Build and maintain an IT audit function with maximum effectiveness and value
Implement best practice IT audit processes and controls
Analyze UNIX-, Linux-, and Windows-based operating systems
Audit network routers, switches, firewalls, WLANs, and mobile devices
Evaluate entity-level controls, data centers, and disaster recovery plans
Examine Web servers, platforms, and applications for vulnerabilities
Review databases for critical controls
Use the COSO, CobiT, ITIL, ISO, and NSA INFOSEC methodologies
Implement sound risk analysis and risk management practices
Drill down into applications to find potential control weaknesses
Plan for and manage an effective IT audit program using the in-depth information contained in this comprehensive resource. Written by experienced IT audit and security professionals, IT Auditing: Using Controls to Protect Information Assets covers the latest auditing tools alongside real-world examples, ready-to-use checklists, and valuable templates. Inside, you'll learn how to analyze Windows, UNIX, and Linux systems; secure databases; examine wireless networks and devices; and audit applications. Plus, you'll get up-to-date information on legal standards and practices, privacy and ethical issues, and the CobiT standard.
Build and maintain an IT audit function with maximum effectiveness and value
Implement best practice IT audit processes and controls
Analyze UNIX-, Linux-, and Windows-based operating systems
Audit network routers, switches, firewalls, WLANs, and mobile devices
Evaluate entity-level controls, data centers, and disaster recovery plans
Examine Web servers, platforms, and applications for vulnerabilities
Review databases for critical controls
Use the COSO, CobiT, ITIL, ISO, and NSA INFOSEC methodologies
Implement sound risk analysis and risk management practices
Drill down into applications to find potential control weaknesses
More details
Language
English
Place of publication
United States
Publishing group
McGraw-Hill Education - Europe
Target group
Professional and scholarly
Illustrations
20 Illustrations
Dimensions
Height: 231 mm
Width: 188 mm
Thickness: 22 mm
Weight
670 gr
ISBN-13
978-0-07-226343-5 (9780072263435)
Copyright in bibliographic data and cover images is held by Nielsen Book Services Limited or by the publishers or by their respective licensors: all rights reserved.
Schweitzer Classification
Persons
Chris Davis, CISA, CISSP (Dallas, TX) is a senior IT auditor for Texas Instruments and author of the best-selling Hacking Exposed: Computer Forensics.
Mike Schiller, CISA (Dallas, TX) is the worldwide IT audit manager at Texas Instruments.
Kevin Wheeler, CISSP, CISA, NSA IAM/IEM (Carrollton, TX) is the founder and CEO of InfoDefense.
Mike Schiller, CISA (Dallas, TX) is the worldwide IT audit manager at Texas Instruments.
Kevin Wheeler, CISSP, CISA, NSA IAM/IEM (Carrollton, TX) is the founder and CEO of InfoDefense.
Content
Part I: Audit OverviewChapter 1. Building an Effective Internal IT Audit Function Chapter 2. The Audit Process Part II: Auditing TechniquesChapter 3. Auditing Entity-Level Controls Chapter 4. Auditing Data Centers and Disaster Recovery Chapter 5. Auditing Switches, Routers, and Firewalls Chapter 6. Auditing Windows Operating Systems Chapter 7. Auditing Unix and Linux Operating Systems Chapter 8. Auditing Web Servers Chapter 9. Auditing Databases Chapter 10.Auditing Applications Chapter 11.Auditing WLAN and Mobile Devices Chapter 12.Auditing Company Projects Part III: Frameworks, Standards, and RegulationsChapter 13.Frameworks and StandardsChapter 14.Regulations Chapter 15: Risk ManagementIndex