The IT Regulatory and Standards Compliance Handbook: How to Survive Information Systems Audit and AssessmentsThe IT Regulatory and Standards Compliance Handbook provides comprehensive methodology, enabling the staff charged with an IT security audit to create a sound framework, allowing them to meet the challenges of compliance in a way that aligns with both business and technical needs. This "roadmap" provides a way of interpreting complex, often confusing, compliance requirements within the larger scope of an organization's overall needs. - The ulitmate guide to making an effective security policy and controls that enable monitoring and testing against them - The most comprehensive IT compliance template available, giving detailed information on testing all your IT security, policy and governance requirements - A guide to meeting the minimum standard, whether you are planning to meet ISO 27001, PCI-DSS, HIPPA, FISCAM, COBIT or any other IT compliance requirement - Both technical staff responsible for securing and auditing information systems and auditors who desire to demonstrate their technical expertise will gain the knowledge, skills and abilities to apply basic risk analysis techniques and to conduct a technical audit of essential information systems from this book - This technically based, practical guide to information systems audit and assessment will show how the process can be used to meet myriad compliance issues |
Contents
1 | |
25 | |
The Information Systems Audit Program | 43 |
Planning | 59 |
Information Gathering | 73 |
Security Policy Overview | 115 |
Policy Issues and Fundamentals | 149 |
Assessing Security Awareness and Knowledge of Policy | 161 |
Analyzing the Results | 327 |
An Introduction to Systems Auditing | 347 |
Database Auditing | 371 |
Microsoft Windows Security and Audits | 395 |
Auditing UNIX and Linux | 465 |
Auditing WebBased Applications | 515 |
Other Systems | 561 |
Risk Management Security Compliance and Audit Controls | 577 |
Other editions - View all
The IT Regulatory and Standards Compliance Handbook Craig Wright,Brian Freedman,Dale Liu No preview available - 2008 |
Common terms and phrases
access control access control lists Active Directory activity administrator allows analysis Analyzer application assessment attack audit auditor authentication baseline browser checklist Cisco Cisco IOS client command compliance contract cookie create database default designed detailed devices document e-mail effective employees encryption ensure event example Figure firewall function host identify implemented incident inetd information assets information security installed InstallShield integrity internal Internet IP address issues Kismet Linux logs malware Microsoft Microsoft Windows monitoring Nessus NetStumbler Nipper nmap objectives operating system option organization organization's output OWASP packets password patch procedures protection protocols requirements result risk router scan script security awareness security policy server Snap-in specific Splogs SQL Injection standards threats unauthorized UNIX update validate vulnerabilities Web Bug Windows wireless