The IT Regulatory and Standards Compliance Handbook : How to Survive Information Systems Audit and Assessments
By: Wright, Craig S.
Material type: Text
Series: eBooks on Demand
Publisher: Burlington : Elsevier Science, 2014
Description: 1 online resource (758 p.)
ISBN: 9780080560175
Subject(s): Information resources management - Auditing | Information technology - Management | Information technology
Genre/Form: Electronic books
Additional physical formats: Print version: The IT Regulatory and Standards Compliance Handbook
DDC classification: 658.478

Item type | Current location | Call number | URL | Status | Date due | Barcode
Electronic Book | UT Tyler Online | HF5548.35.W75 2008 | http://uttyler.eblib.com/patron/FullRecord.aspx?p=405535 | Available | | EBL405535
Contents:
Front Cover; The IT Regulatory and Standards Compliance Handbook; Copyright Page; Lead Author; Technical Editors; Contents
Chapter 1: Introduction to IT Compliance: Introduction; Does Security Belong within IT?; Management Support; Job Roles and Responsibilities; What Are Audits, Assessments, and Reviews?; Audit; Inspection and Reviews; Penetration Tests and Red Teaming; Ethical Attacks; Vulnerability Assessment; GAP Analysis; Black and White Box Testing; Tools-Based Scanning; Agreed Procedures Review; Acceptance Testing; Data Conversion; The Taxonomy; Vulnerability; Threat-Source; Threat; Risk; Risk Management; The Decision Test of the Process; Controls; Definition of Internal Control; Key Concepts; Key Controls; Operational Controls; General Controls; Application Controls; IT Governance; Other Terms; Objectivity; Ethics; Ethics, "The 10 Commandments of Computer Ethics"; Planning; Examining and Evaluating Information; A Preliminary Survey; The Program-Criteria for Defining Procedures; The Program; Introduction and Background; Purpose and Scope of the Report; Objectives of the Project; Definition of Terms; Procedures; ISACA; CISA; COBIT; GSNA (SANS/GIAC); IIA (The Institute of Internal Auditors); CIA; FISCAM; Summary
Chapter 2: Evolution of Information Systems: Introduction; Terminology Used in This Book; The Primary Objective of Auditing; The Threat Scene; Threats; Attack Levels; Critical; High; Medium; Low; Suspicious; Modifiers; A High Volume of Attacks; Skilled and/or Unexpected Attacks; Definition Matrix; Threat Matrix; Targeted Attacks; "Hacktivism"; Cyber Terrorism; Common Criminals; Insider Attacks; Miscellaneous Attackers; Methods of Attack; Information Collection; Unobtrusive Public Research; Social Engineering; Scanning; System Break-Ins; Follow-up and Continuing Attacks; Attack Chaining; Vandalism; Denial-of-Service (DoS) Attacks; Single-Message DoS Attacks; Flooding Denial-of-Service (DDoS) Attacks or Distributed DoS Attacks; Smurf Attacks; Land Attacks; Flooding Attacks; Hostile Code; What Is Hostile Code?; Viruses; Bombs; Trojans; Worms; Policy > Procedure > Audit; Summary
Chapter 3: The Information Systems Audit Program: Introduction; Audit Checklists; Baselines; Baselines and Automation; Assurance; Testing Your Organization's Security; Objectivity; Standards and Ethics; Protection Testing, Internet Security Assessments, and Ethical Attacks; Protection Testing or Internet Assessments; Why People Do Protection Testing; Penetration Testing or Ethical Attacks Vs Protection Testing; Miscellaneous Tests; Server Operating System Security Analysis; Phone Line Scanning; Phone / War dialing Audit Project Tasks; Social Engineering; BCP/DR Testing: Disaster Readiness Assessment; What Is Covered in a BCP/DR Review?; What Does BCP Cover?; Developing an Audit Manual; Preliminary Survey; Criteria for Defining Procedures; The Program; When to Prepare the Program; The Final Report
This book provides a comprehensive methodology, enabling the staff charged with an IT security audit to create a sound framework, allowing them to meet the challenges of compliance in a way that aligns with both business and technical needs. This "roadmap" provides a way of interpreting complex, often confusing, compliance requirements within the larger scope of an organization's overall needs.

Key Features:

* The ultimate guide to making an effective security policy and controls that enable monitoring and testing against them
* The most comprehensive IT compliance templa
Description based upon print version of record.