Normal view MARC view ISBD view

The IT Regulatory and Standards Compliance Handbook : How to Survive Information Systems Audit and Assessments

By: Wright, Craig S.
Material type: TextTextSeries: eBooks on Demand.Publisher: Burlington : Elsevier Science, 2014Description: 1 online resource (758 p.).ISBN: 9780080560175.Subject(s): Information resources management - Auditing | Information technology - Management | Information technologyGenre/Form: Electronic books.Additional physical formats: Print version:: The IT Regulatory and Standards Compliance Handbook:DDC classification: 658.478 Online resources: Click here to view this ebook.
Contents:
Front Cover; The IT Regulatory and Standards Compliance Handbook; Copyright Page; Lead Author; Technical Editors; Contents; Chapter 1: Introduction to IT Compliance; Introduction; Does Security Belong within IT?; Management Support; Job Roles and Responsibilities; What Are Audits, Assessments, and Reviews?; Audit; Inspection and Reviews; Penetration Tests and Red Teaming; Ethical Attacks; Vulnerability Assessment; GAP Analysis; Black and White Box Testing; Tools-Based Scanning; Agreed Procedures Review; Acceptance Testing; Data Conversion; The Taxonomy; Vulnerability; Threat-Source; Threat
RiskRisk Management; The Decision Test of the Process; Controls; Definition of Internal Control; Key Concepts; Key Controls; Operational Controls; General Controls; Application Controls; IT Governance; Other Terms; Objectivity; Ethics; Ethics, "The 10 Commandments of Computer Ethics"; Planning; Examining and Evaluating Information; A Preliminary Survey; The Program-Criteria for Defining Procedures; The Program; Introduction and Background; Purpose and Scope of the Report; Objectives of the Project; Definition of Terms; Procedures; ISACA; CISA; COBIT; GSNA (SANS/GIAC)
IIA (The Institute of Internal Auditors)CIA; FISCAM; Summary; Chapter 2: Evolution of Information Systems; Introduction; Terminology Used in This Book; The Primary Objective of Auditing; The Threat Scene; Threats; Attack Levels; Critical; High; Medium; Low; Suspicious; Modifiers; A High Volume of Attacks; Skilled and/or Unexpected Attacks; Definition Matrix; Threat Matrix; Targeted Attacks; "Hacktivisim"; Cyber Terrorism; Common Criminals; Insider Attacks; Miscellaneous Attackers; Methods of Attack; Information Collection; Unobtrusive Public Research; Social Engineering; Scanning
System Break-InsFollow-up and Continuing Attacks; Attack Chaining; Vandalism; Denial-of-Service (DoS) Attacks; Single-Message DoS Attacks; Flooding Denial-of-Service (DDoS) Attacks or Distributed DoS Attacks; Smurf Attacks; Land Attacks; Flooding Attacks; Hostile Code; What Is Hostile Code?; Viruses; Bombs; Trojans; Worms; Policy > Procedure > Audit; Summary; Chapter 3: The Information Systems Audit Program; Introduction; Audit Checklists; Baselines; Baselines and Automation; Assurance; Testing Your Organization's Security; Objectivity; Standards and Ethics
Protection Testing, Internet Security Assessments, and Ethical AttacksProtection Testing or Internet Assessments; Why People Do Protection Testing; Penetration Testing or Ethical Attacks Vs Protection Testing; Miscellaneous Tests; Server Operating System Security Analysis; Phone Line Scanning; Phone / War dialing Audit Project Tasks; Social Engineering; BCP/DR Testing: Disaster Readiness Assessment; What Is Covered in a BCP/DR Review?; What Does BCP Cover?; Developing an Audit Manual; Preliminary Survey; Criteria for Defining Procedures; The Program; When to Prepare the Program
The Final Report
Summary: This book provides comprehensive methodology, enabling the staff charged with an IT security audit to create a sound framework, allowing them to meet the challenges of compliance in a way that aligns with both business and technical needs. This ""roadmap"" provides a way of interpreting complex, often confusing, compliance requirements within the larger scope of an organization's overall needs.<br><br><br>Key Features:<br><br>* The ulitmate guide to making an effective security policy and controls that enable monitoring and testing against them<br>* The most comprehensive IT compliance templa
Tags from this library: No tags from this library for this title. Log in to add tags.
Item type Current location Call number URL Status Date due Barcode
Electronic Book UT Tyler Online
Online
HF5548.35.W75 2008 (Browse shelf) http://uttyler.eblib.com/patron/FullRecord.aspx?p=405535 Available EBL405535

Front Cover; The IT Regulatory and Standards Compliance Handbook; Copyright Page; Lead Author; Technical Editors; Contents; Chapter 1: Introduction to IT Compliance; Introduction; Does Security Belong within IT?; Management Support; Job Roles and Responsibilities; What Are Audits, Assessments, and Reviews?; Audit; Inspection and Reviews; Penetration Tests and Red Teaming; Ethical Attacks; Vulnerability Assessment; GAP Analysis; Black and White Box Testing; Tools-Based Scanning; Agreed Procedures Review; Acceptance Testing; Data Conversion; The Taxonomy; Vulnerability; Threat-Source; Threat

RiskRisk Management; The Decision Test of the Process; Controls; Definition of Internal Control; Key Concepts; Key Controls; Operational Controls; General Controls; Application Controls; IT Governance; Other Terms; Objectivity; Ethics; Ethics, "The 10 Commandments of Computer Ethics"; Planning; Examining and Evaluating Information; A Preliminary Survey; The Program-Criteria for Defining Procedures; The Program; Introduction and Background; Purpose and Scope of the Report; Objectives of the Project; Definition of Terms; Procedures; ISACA; CISA; COBIT; GSNA (SANS/GIAC)

IIA (The Institute of Internal Auditors)CIA; FISCAM; Summary; Chapter 2: Evolution of Information Systems; Introduction; Terminology Used in This Book; The Primary Objective of Auditing; The Threat Scene; Threats; Attack Levels; Critical; High; Medium; Low; Suspicious; Modifiers; A High Volume of Attacks; Skilled and/or Unexpected Attacks; Definition Matrix; Threat Matrix; Targeted Attacks; "Hacktivisim"; Cyber Terrorism; Common Criminals; Insider Attacks; Miscellaneous Attackers; Methods of Attack; Information Collection; Unobtrusive Public Research; Social Engineering; Scanning

System Break-InsFollow-up and Continuing Attacks; Attack Chaining; Vandalism; Denial-of-Service (DoS) Attacks; Single-Message DoS Attacks; Flooding Denial-of-Service (DDoS) Attacks or Distributed DoS Attacks; Smurf Attacks; Land Attacks; Flooding Attacks; Hostile Code; What Is Hostile Code?; Viruses; Bombs; Trojans; Worms; Policy > Procedure > Audit; Summary; Chapter 3: The Information Systems Audit Program; Introduction; Audit Checklists; Baselines; Baselines and Automation; Assurance; Testing Your Organization's Security; Objectivity; Standards and Ethics

Protection Testing, Internet Security Assessments, and Ethical AttacksProtection Testing or Internet Assessments; Why People Do Protection Testing; Penetration Testing or Ethical Attacks Vs Protection Testing; Miscellaneous Tests; Server Operating System Security Analysis; Phone Line Scanning; Phone / War dialing Audit Project Tasks; Social Engineering; BCP/DR Testing: Disaster Readiness Assessment; What Is Covered in a BCP/DR Review?; What Does BCP Cover?; Developing an Audit Manual; Preliminary Survey; Criteria for Defining Procedures; The Program; When to Prepare the Program

The Final Report

This book provides comprehensive methodology, enabling the staff charged with an IT security audit to create a sound framework, allowing them to meet the challenges of compliance in a way that aligns with both business and technical needs. This ""roadmap"" provides a way of interpreting complex, often confusing, compliance requirements within the larger scope of an organization's overall needs.<br><br><br>Key Features:<br><br>* The ulitmate guide to making an effective security policy and controls that enable monitoring and testing against them<br>* The most comprehensive IT compliance templa

Description based upon print version of record.

There are no comments for this item.

Log in to your account to post a comment.