IT Auditing: Using Controls to Protect Information Assets

Author: Chris Davis

Publisher: McGraw Hill Professional

Published: 2007-01-12

Total Pages: 417

ISBN-13: 0071631763

Protect Your Systems with Proven IT Auditing Strategies

"A must-have for auditors and IT professionals." -Doug Dexter, CISSP-ISSMP, CISA, Audit Team Lead, Cisco Systems, Inc.

Plan for and manage an effective IT audit program using the in-depth information contained in this comprehensive resource. Written by experienced IT audit and security professionals, IT Auditing: Using Controls to Protect Information Assets covers the latest auditing tools alongside real-world examples, ready-to-use checklists, and valuable templates. Inside, you'll learn how to analyze Windows, UNIX, and Linux systems; secure databases; examine wireless networks and devices; and audit applications. Plus, you'll get up-to-date information on legal standards and practices, privacy and ethical issues, and the CobiT standard.

* Build and maintain an IT audit function with maximum effectiveness and value
* Implement best practice IT audit processes and controls
* Analyze UNIX-, Linux-, and Windows-based operating systems
* Audit network routers, switches, firewalls, WLANs, and mobile devices
* Evaluate entity-level controls, data centers, and disaster recovery plans
* Examine Web servers, platforms, and applications for vulnerabilities
* Review databases for critical controls
* Use the COSO, CobiT, ITIL, ISO, and NSA INFOSEC methodologies
* Implement sound risk analysis and risk management practices
* Drill down into applications to find potential control weaknesses


IT Audit, Control, and Security

Author: Robert R. Moeller

Publisher: John Wiley & Sons

Published: 2010-10-12

Total Pages: 696

ISBN-13: 0470877685

When it comes to computer security, the role of auditors today has never been more crucial. Auditors must ensure that all computers, in particular those dealing with e-business, are secure. The only source for information on the combined areas of computer audit, control, and security, IT Audit, Control, and Security describes the types of internal controls, security, and integrity procedures that management must build into its automated systems. This very timely book provides auditors with the guidance they need to ensure that their systems are secure from both internal and external threats.


Information Technology Auditing

Author: Jagdish Pathak

Publisher: Springer Science & Business Media

Published: 2005-08-15

Total Pages: 246

ISBN-13: 3540274863

The evolving agenda of Information Technology Auditing is the subject of this book. The author presents various current and future issues in the domain of IT auditing in both a scholarly and a highly practice-driven manner, so as to make those issues clear in the mind of an IT auditor. The aim of the book is not to delve deeply into the technologies but to examine the impact of these technologies on the practices and procedures of IT auditors. Among the topics are complex integrated information systems, enterprise resource planning, databases, complexities of internal controls, and enterprise application integration - all seen from an auditor's perspective. The book will serve as a supporting reference for an auditor dealing with the high-tech environment for the first time, but also for experienced auditors.


Auditor's Guide to Information Systems Auditing

Author: Richard E. Cascarino

Publisher: John Wiley & Sons

Published: 2007-06-15

Total Pages: 510

ISBN-13: 0470127031

Praise for Auditor's Guide to Information Systems Auditing

"Auditor's Guide to Information Systems Auditing is the most comprehensive book about auditing that I have ever seen. There is something in this book for everyone. New auditors will find this book to be their bible - reading it will enable them to learn what the role of auditors really is and will convey to them what they must know, understand, and look for when performing audits. For experienced auditors, this book will serve as a reality check to determine whether they are examining the right issues and whether they are being sufficiently comprehensive in their focus. Richard Cascarino has done a superb job." —E. Eugene Schultz, PhD, CISSP, CISM, Chief Technology Officer and Chief Information Security Officer, High Tower Software

A step-by-step guide to successful implementation and control of information systems

More and more, auditors are being called upon to assess the risks and evaluate the controls over computer information systems in all types of organizations. However, many auditors are unfamiliar with the techniques they need to know to efficiently and effectively determine whether information systems are adequately protected. Auditor's Guide to Information Systems Auditing presents an easy, practical guide for auditors that can be applied to all computing environments. As networks and enterprise resource planning systems bring resources together, and as increasing privacy violations threaten more organizations, information systems integrity becomes more important than ever. With a complimentary student's version of the IDEA Data Analysis Software CD, Auditor's Guide to Information Systems Auditing empowers auditors to effectively gauge the adequacy and effectiveness of information systems controls.


Handbook of Heterogeneous Networking

Author: Raj Rajgopal

Publisher: CRC Press

Published: 2018-01-31

Total Pages: 1350

ISBN-13: 1351081071

Here is all the practical, hands-on information you need to build, manage and maintain a heterogeneous computing environment with hardware, software, and network equipment from a number of different vendors. Packed with real-world case studies and proven techniques for integrating disparate platforms, operating systems and servers, Handbook of Heterogeneous Computing is a one-stop, no-nonsense guide that shows you how to:

* port and develop applications in a heterogeneous environment
* manage desktops, data access, communications, and security in a heterogeneous environment
* and build distributed heterogeneous systems

What is best for your installation? Should you standardize on the Windows environment for both production applications and office applications? Should you adopt the Windows NT workstation as a standard desktop and use Windows NT as the network operating system? Handbook of Heterogeneous Computing details the advantages and disadvantages of these and other approaches. The book also explains:

* the arts of porting and developing applications in a heterogeneous environment using Java, CGI/Perl, and other tools
* how to build interfaces with mainframe legacy systems
* how to use CORBA to integrate distributed database systems while at the same time managing database gateways and interoperability
* how to manage interlan switching, multicast networking structures, SNA-LAN integration, and all aspects of enterprise networks
* and how to use Kerberos, firewalls, PGP, RSA public keys, and other tools to assure security in heterogeneous environments.

Heterogeneous computing is here to stay. It is therefore up to corporate end-users to make competing products fit into their environments efficiently, effectively and economically. Handbook of Heterogeneous Computing gives you t


Nessus Network Auditing

Author: Russ Rogers

Publisher: Elsevier

Published: 2011-10-13

Total Pages: 448

ISBN-13: 0080558658

The Updated Version of the Bestselling Nessus Book. This is the ONLY Book to Read if You Run Nessus Across the Enterprise.

Ever since its beginnings in early 1998, the Nessus Project has attracted security researchers from all walks of life. It continues this growth today. It has been adopted as a de facto standard by the security industry, vendor, and practitioner alike, many of whom rely on Nessus as the foundation to their security practices. Now, a team of leading developers have created the definitive book for the Nessus community.

- Perform a Vulnerability Assessment: Use Nessus to find programming errors that allow intruders to gain unauthorized access.
- Obtain and Install Nessus: Install from source or binary, set up clients and user accounts, and update your plug-ins.
- Modify the Preferences Tab: Specify the options for Nmap and other complex, configurable components of Nessus.
- Understand Scanner Logic and Determine Actual Risk: Plan your scanning strategy and learn what variables can be changed.
- Prioritize Vulnerabilities: Prioritize and manage critical vulnerabilities, information leaks, and denial of service errors.
- Deal with False Positives: Learn the different types of false positives and the differences between intrusive and nonintrusive tests.
- Get Under the Hood of Nessus: Understand the architecture and design of Nessus and master the Nessus Attack Scripting Language (NASL).
- Scan the Entire Enterprise Network: Plan for enterprise deployment by gauging network bandwidth and topology issues.

- Nessus is the premier Open Source vulnerability assessment tool, and has been voted the "most popular" Open Source security tool several times.
- The first edition is still the only book available on the product.
- Written by the world's premier Nessus developers and featuring a foreword by the creator of Nessus, Renaud Deraison.


The Hacker's Handbook

Author: Susan Young

Publisher: CRC Press

Published: 2003-11-24

Total Pages: 896

ISBN-13: 0203490045

This handbook reveals those aspects of hacking least understood by network administrators. It analyzes subjects through a hacking/security dichotomy that details hacking maneuvers and defenses in the same context. Chapters are organized around specific components and tasks, providing theoretical background that prepares network defenders for the always-changing tools and techniques of intruders. Part I introduces programming, protocol, and attack concepts. Part II addresses subject areas (protocols, services, technologies, etc.) that may be vulnerable. Part III details consolidation activities that hackers may use following penetration.


Information System Audit

Author: Philippe Peret

Publisher: CRC Press

Published: 2022-07-07

Total Pages: 271

ISBN-13: 100061039X

The digitalization of companies is a recurrent topic of conversation for managers. Companies are forced to evolve at least as fast as their competitors. They have to review their organization, their processes, and their way of working. This also concerns auditors in terms of their audit strategy and working methods. Digitalization is the tip of the iceberg that represents the increasing reliance of the company's information system on information technology. Companies have seen new competitors succeed with a digital approach, competitors that have opened new markets or new ways of interacting with their customers, and all business processes can be digitalized. In this new paradigm, auditors have to renew themselves too. Long gone are the days of auditors specializing in one technique, like financial auditors or IT auditors. This makes it a phenomenal opportunity for auditing to renew itself, embracing the vision of the company's information system: long live the information system auditors! This book takes you step by step from a common understanding of the history of auditing to gradually defining and justifying the impacts of digitalization on the audit strategy and the preparation of audits.


Securing an IT Organization through Governance, Risk Management, and Audit

Author: Ken E. Sigler

Publisher: CRC Press

Published: 2016-01-05

Total Pages: 239

ISBN-13: 1040070957

This book introduces two internationally recognized bodies of knowledge: COBIT 5 from a cybersecurity perspective and the NIST Framework for Improving Critical Infrastructure Cybersecurity (CSF). Emphasizing the processes directly related to governance, risk management, and audit, the book maps the CSF steps and activities to the methods defined in COBIT 5, extending the CSF objectives with practical and measurable activities that leverage operational risk understanding in a business context. This allows the ICT organization to convert high-level enterprise goals into manageable, specific goals rather than unintegrated checklist models.


IBM z/OS Mainframe Security and Audit Management Using the IBM Security zSecure Suite

Author: Axel Buecker

Publisher: IBM Redbooks

Published: 2011-08-18

Total Pages: 494

ISBN-13: 0738435880

Every organization has a core set of mission-critical data that must be protected. Security lapses and failures are not simply disruptions—they can be catastrophic events, and the consequences can be felt across the entire organization. As a result, security administrators face serious challenges in protecting the company's sensitive data. IT staff are challenged to provide detailed audit and controls documentation at a time when they are already facing increasing demands on their time, due to events such as mergers, reorganizations, and other changes. Many organizations do not have enough experienced mainframe security administrators to meet these objectives, and expanding employee skillsets with low-level mainframe security technologies can be time-consuming. The IBM® Security zSecure suite consists of multiple components designed to help you administer your mainframe security server, monitor for threats, audit usage and configurations, and enforce policy compliance. Administration, provisioning, and management components can significantly reduce administration, contributing to improved productivity, faster response time, and reduced training time needed for new administrators. This IBM Redbooks® publication is a valuable resource for security officers, administrators, and architects who wish to better understand their mainframe security solutions.