The IT regulatory and standards compliance handbook / Craig Wright, Brian Freedman, Dale Liu.
Available online: O'Reilly Online Learning: Academic/Public Library Edition
- Format:
- Book
- Author/Creator:
- Wright, Craig.
- Language:
- English
- Subjects (All):
- Information technology--Management.
- Information technology.
- Information resources management--Auditing.
- Information resources management.
- Physical Description:
- 1 online resource (758 p.)
- Edition:
- 1st edition
- Place of Publication:
- Burlington, MA : Syngress Pub., c2008.
- Language Note:
- English
- System Details:
- text file
- Summary:
- This book provides a comprehensive methodology, enabling the staff charged with an IT security audit to create a sound framework that allows them to meet the challenges of compliance in a way that aligns with both business and technical needs. This "roadmap" provides a way of interpreting complex, often confusing, compliance requirements within the larger scope of an organization's overall needs. Key Features: * The ultimate guide to making an effective security policy and controls that enable monitoring and testing against them * The most comprehensive IT compliance templa
- Contents:
- Front Cover; The IT Regulatory and Standards Compliance Handbook; Copyright Page; Lead Author; Technical Editors; Contents; Chapter 1: Introduction to IT Compliance; Introduction; Does Security Belong within IT?; Management Support; Job Roles and Responsibilities; What Are Audits, Assessments, and Reviews?; Audit; Inspection and Reviews; Penetration Tests and Red Teaming; Ethical Attacks; Vulnerability Assessment; GAP Analysis; Black and White Box Testing; Tools-Based Scanning; Agreed Procedures Review; Acceptance Testing; Data Conversion; The Taxonomy; Vulnerability; Threat-Source; Threat; Risk; Risk Management; The Decision Test of the Process; Controls; Definition of Internal Control; Key Concepts; Key Controls; Operational Controls; General Controls; Application Controls; IT Governance; Other Terms; Objectivity; Ethics; Ethics, "The 10 Commandments of Computer Ethics"; Planning; Examining and Evaluating Information; A Preliminary Survey; The Program-Criteria for Defining Procedures; The Program; Introduction and Background; Purpose and Scope of the Report; Objectives of the Project; Definition of Terms; Procedures; ISACA; CISA; COBIT; GSNA (SANS/GIAC); IIA (The Institute of Internal Auditors); CIA; FISCAM; Summary
- Chapter 2: Evolution of Information Systems; Introduction; Terminology Used in This Book; The Primary Objective of Auditing; The Threat Scene; Threats; Attack Levels; Critical; High; Medium; Low; Suspicious; Modifiers; A High Volume of Attacks; Skilled and/or Unexpected Attacks; Definition Matrix; Threat Matrix; Targeted Attacks; "Hacktivism"; Cyber Terrorism; Common Criminals; Insider Attacks; Miscellaneous Attackers; Methods of Attack; Information Collection; Unobtrusive Public Research; Social Engineering; Scanning; System Break-Ins; Follow-up and Continuing Attacks; Attack Chaining; Vandalism; Denial-of-Service (DoS) Attacks; Single-Message DoS Attacks; Flooding Denial-of-Service (DDoS) Attacks or Distributed DoS Attacks; Smurf Attacks; Land Attacks; Flooding Attacks; Hostile Code; What Is Hostile Code?; Viruses; Bombs; Trojans; Worms; Policy > Procedure > Audit; Summary
- Chapter 3: The Information Systems Audit Program; Introduction; Audit Checklists; Baselines; Baselines and Automation; Assurance; Testing Your Organization's Security; Objectivity; Standards and Ethics; Protection Testing, Internet Security Assessments, and Ethical Attacks; Protection Testing or Internet Assessments; Why People Do Protection Testing; Penetration Testing or Ethical Attacks Vs Protection Testing; Miscellaneous Tests; Server Operating System Security Analysis; Phone Line Scanning; Phone / War Dialing Audit Project Tasks; Social Engineering; BCP/DR Testing: Disaster Readiness Assessment; What Is Covered in a BCP/DR Review?; What Does BCP Cover?; Developing an Audit Manual; Preliminary Survey; Criteria for Defining Procedures; The Program; When to Prepare the Program; The Final Report
- Notes:
- "How to survive an information systems audit and assessments"--Cover.
- Includes bibliographical references and index.
- ISBN:
- 9786611755010
- 9781281755018
- 128175501X
- 9780080560175
- 0080560172
- OCLC:
- 437246462