Book description
Secure Your Systems Using the Latest IT Auditing Techniques
Fully updated to cover leading-edge tools and technologies, IT Auditing: Using Controls to Protect Information Assets, Second Edition, explains, step by step, how to implement a successful, enterprise-wide IT audit program. New chapters on auditing cloud computing, outsourced operations, virtualization, and storage are included. This comprehensive guide describes how to assemble an effective IT audit team and maximize the value of the IT audit function. In-depth details on performing specific audits are accompanied by real-world examples, ready-to-use checklists, and valuable templates. Standards, frameworks, regulations, and risk management techniques are also covered in this definitive resource.
- Build and maintain an internal IT audit function with maximum effectiveness and value
- Audit entity-level controls, data centers, and disaster recovery
- Examine switches, routers, and firewalls
- Evaluate Windows, UNIX, and Linux operating systems
- Audit Web servers and applications
- Analyze databases and storage solutions
- Assess WLAN and mobile devices
- Audit virtualized environments
- Evaluate risks associated with cloud computing and outsourced operations
- Drill down into applications to find potential control weaknesses
- Use standards and frameworks, such as COBIT, ITIL, and ISO
- Understand regulations, including Sarbanes-Oxley, HIPAA, and PCI
- Implement proven risk management practices
Table of contents
- Cover Page
- IT Auditing: Using Controls to Protect Information Assets
- Copyright Page
- Dedication
- About the Authors
- Contents
- Foreword
- Acknowledgments
- Introduction
- Part I Audit Overview
- Chapter 1 Building an Effective Internal IT Audit Function
- Independence: The Great Myth
- Consulting and Early Involvement
- Four Methods for Consulting and Early Involvement
- Relationship Building: Partnering vs. Policing
- The Role of the IT Audit Team
- Forming and Maintaining an Effective IT Audit Team
- Maintaining Expertise
- Relationship with External Auditors
- Summary
- Chapter 2 The Audit Process
- PART II Auditing Techniques
- Chapter 3 Auditing Entity-Level Controls
- Chapter 4 Auditing Data Centers and Disaster Recovery
- Chapter 5 Auditing Routers, Switches, and Firewalls
- Chapter 6 Auditing Windows Operating Systems
- Chapter 7 Auditing Unix and Linux Operating Systems
- Chapter 8 Auditing Web Servers and Web Applications
- Chapter 9 Auditing Databases
- Chapter 10 Auditing Storage
- Chapter 11 Auditing Virtualized Environments
- Chapter 12 Auditing WLAN and Mobile Devices
- Chapter 13 Auditing Applications
- Chapter 14 Auditing Cloud Computing and Outsourced Operations
- Chapter 15 Auditing Company Projects
- PART III Frameworks, Standards, and Regulations
- Chapter 16 Frameworks and Standards
- Chapter 17 Regulations
- An Introduction to Legislation Related to Internal Controls
- The Sarbanes-Oxley Act of 2002
- SOX’s Impact on Public Corporations
- Core Points of the SOX Act
- SOX’s Impact on IT Departments
- SOX Considerations for Companies with Multiple Locations
- Impact of Third-Party Services on SOX Compliance
- Specific IT Controls Required for SOX Compliance
- The Financial Impact of SOX Compliance on Companies
- Gramm-Leach-Bliley Act
- Privacy Regulations
- Health Insurance Portability and Accountability Act of 1996
- EU Commission and Basel II
- Payment Card Industry (PCI) Data Security Standard
- Other Regulatory Trends
- Chapter 18 Risk Management
- Index
- Footnotes
Product information
- Title: IT Auditing Using Controls to Protect Information Assets, 2nd Edition
- Author(s):
- Release date: February 2011
- Publisher(s): McGraw-Hill
- ISBN: 9780071742399