The IT Regulatory and Standards Compliance Handbook: How to Survive Information Systems Audit and Assessments

Front Cover
Elsevier, Jul 25, 2008 - Computers - 750 pages
The IT Regulatory and Standards Compliance Handbook provides comprehensive methodology, enabling the staff charged with an IT security audit to create a sound framework, allowing them to meet the challenges of compliance in a way that aligns with both business and technical needs. This "roadmap" provides a way of interpreting complex, often confusing, compliance requirements within the larger scope of an organization's overall needs. - The ulitmate guide to making an effective security policy and controls that enable monitoring and testing against them - The most comprehensive IT compliance template available, giving detailed information on testing all your IT security, policy and governance requirements - A guide to meeting the minimum standard, whether you are planning to meet ISO 27001, PCI-DSS, HIPPA, FISCAM, COBIT or any other IT compliance requirement - Both technical staff responsible for securing and auditing information systems and auditors who desire to demonstrate their technical expertise will gain the knowledge, skills and abilities to apply basic risk analysis techniques and to conduct a technical audit of essential information systems from this book - This technically based, practical guide to information systems audit and assessment will show how the process can be used to meet myriad compliance issues
 

Contents

Introduction to IT Compliance
1
Evolution of Information Systems
25
The Information Systems Audit Program
43
Planning
59
Information Gathering
73
Security Policy Overview
115
Policy Issues and Fundamentals
149
Assessing Security Awareness and Knowledge of Policy
161
Analyzing the Results
327
An Introduction to Systems Auditing
347
Database Auditing
371
Microsoft Windows Security and Audits
395
Auditing UNIX and Linux
465
Auditing WebBased Applications
515
Other Systems
561
Risk Management Security Compliance and Audit Controls
577

An Introduction to Network Audit
195
Auditing Cisco Routers and Switches
229
Testing the Firewall
275
Auditing and Security with Wireless Technologies
299
Information Systems Legislation
609
Operations Security
673
Index
695
Copyright

Other editions - View all

Common terms and phrases

Bibliographic information