IT Audit, Control, and Security

IT Audit, Control, and Security

Author: Robert R. Moeller

Publisher: John Wiley & Sons

Published: 2010-10-12

Total Pages: 696

ISBN-13: 0470877685

DOWNLOAD EBOOK

When it comes to computer security, the role of auditors today has never been more crucial. Auditors must ensure that all computers, in particular those dealing with e-business, are secure. The only source for information on the combined areas of computer audit, control, and security, the IT Audit, Control, and Security describes the types of internal controls, security, and integrity procedures that management must build into its automated systems. This very timely book provides auditors with the guidance they need to ensure that their systems are secure from both internal and external threats.


Cyber Security and Privacy Control

Cyber Security and Privacy Control

Author: Robert R. Moeller

Publisher: John Wiley & Sons

Published: 2011-04-12

Total Pages: 696

ISBN-13: 1118035763

DOWNLOAD EBOOK

This section discusses IT audit cybersecurity and privacy control activities from two focus areas. First is focus on some of the many cybersecurity and privacy concerns that auditors should consider in their reviews of IT-based systems and processes. Second focus area includes IT Audit internal procedures. IT audit functions sometimes fail to implement appropriate security and privacy protection controls over their own IT audit processes, such as audit evidence materials, IT audit workpapers, auditor laptop computer resources, and many others. Although every audit department is different, this section suggests best practices for an IT audit function and concludes with a discussion on the payment card industry data security standard data security standards (PCI-DSS), a guideline that has been developed by major credit card companies to help enterprises that process card payments prevent credit card fraud and to provide some protection from various credit security vulnerabilities and threats. IT auditors should understand the high-level key elements of this standard and incorporate it in their review where appropriate.


Critical Information Infrastructures Security

Critical Information Infrastructures Security

Author: Eric Luiijf

Publisher: Springer

Published: 2019-01-03

Total Pages: 241

ISBN-13: 3030058492

DOWNLOAD EBOOK

This book constitutes revised selected papers from the 13th International Conference on Critical Information Infrastructures Security, CRITIS 2018, held in Kaunas, Lithuania, in September 2018.The 16 full papers and 3 short papers presented were carefully reviewed and selected from 61 submissions. They are grouped in the following topical sections: advanced analysis of critical energy systems, strengthening urban resilience, securing internet of things and industrial control systems, need and tool sets for industrial control system security, and advancements in governance and resilience of critical infrastructures.


Elections

Elections

Author: David A. Powner

Publisher: DIANE Publishing

Published: 2006-03

Total Pages: 106

ISBN-13: 9781422304396

DOWNLOAD EBOOK

The Help America Vote Act of 2002 established the Election Assistance Comm. (EAC) to help improve state & local admin. of fed. elections & authorized funding for state & local governments to expand their use of electronic voting systems. EAC began operations in Jan. 2004. However, reported problems with electronic voting systems have led to questions about the security & reliability of these systems. This report: (1) determines the significant security & reliability concerns identified about electronic voting systems; (2) identifies recommended practices relevant to ensuring the security & reliability of these systems; & (3) describes actions taken or planned to improve their security & reliability. Charts & tables.


Official (ISC)2® Guide to the CISSP®-ISSEP® CBK®

Official (ISC)2® Guide to the CISSP®-ISSEP® CBK®

Author: Susan Hansche

Publisher: CRC Press

Published: 2005-09-29

Total Pages: 922

ISBN-13: 1135483086

DOWNLOAD EBOOK

The Official (ISC)2 Guide to the CISSP-ISSEP CBK provides an inclusive analysis of all of the topics covered on the newly created CISSP-ISSEP Common Body of Knowledge. The first fully comprehensive guide to the CISSP-ISSEP CBK, this book promotes understanding of the four ISSEP domains: Information Systems Security Engineering (ISSE); Certifica


Security Controls Evaluation, Testing, and Assessment Handbook

Security Controls Evaluation, Testing, and Assessment Handbook

Author: Leighton Johnson

Publisher: Academic Press

Published: 2019-11-21

Total Pages: 790

ISBN-13: 0128206241

DOWNLOAD EBOOK

Security Controls Evaluation, Testing, and Assessment Handbook, Second Edition, provides a current and well-developed approach to evaluate and test IT security controls to prove they are functioning correctly. This handbook discusses the world of threats and potential breach actions surrounding all industries and systems. Sections cover how to take FISMA, NIST Guidance, and DOD actions, while also providing a detailed, hands-on guide to performing assessment events for information security professionals in US federal agencies. This handbook uses the DOD Knowledge Service and the NIST Families assessment guides as the basis for needs assessment, requirements and evaluation efforts. - Provides direction on how to use SP800-53A, SP800-115, DOD Knowledge Service, and the NIST Families assessment guides to implement thorough evaluation efforts - Shows readers how to implement proper evaluation, testing, assessment procedures and methodologies, with step-by-step walkthroughs of all key concepts - Presents assessment techniques for each type of control, provides evidence of assessment, and includes proper reporting techniques


FISMA and the Risk Management Framework

FISMA and the Risk Management Framework

Author: Daniel R. Philpott

Publisher: Newnes

Published: 2012-12-31

Total Pages: 585

ISBN-13: 1597496421

DOWNLOAD EBOOK

FISMA and the Risk Management Framework: The New Practice of Federal Cyber Security deals with the Federal Information Security Management Act (FISMA), a law that provides the framework for securing information systems and managing risk associated with information resources in federal government agencies. Comprised of 17 chapters, the book explains the FISMA legislation and its provisions, strengths and limitations, as well as the expectations and obligations of federal agencies subject to FISMA. It also discusses the processes and activities necessary to implement effective information security management following the passage of FISMA, and it describes the National Institute of Standards and Technology's Risk Management Framework. The book looks at how information assurance, risk management, and information systems security is practiced in federal government agencies; the three primary documents that make up the security authorization package: system security plan, security assessment report, and plan of action and milestones; and federal information security-management requirements and initiatives not explicitly covered by FISMA. This book will be helpful to security officers, risk managers, system owners, IT managers, contractors, consultants, service providers, and others involved in securing, managing, or overseeing federal information systems, as well as the mission functions and business processes supported by those systems. - Learn how to build a robust, near real-time risk management system and comply with FISMA - Discover the changes to FISMA compliance and beyond - Gain your systems the authorization they need