The IT regulatory and standards compliance handbook /

Mostrar otras versiones (1)

This book provides comprehensive methodology, enabling the staff charged with an IT security audit to create a sound framework, allowing them to meet the challenges of compliance in a way that aligns with both business and technical needs. This "roadmap" provides a way of interpreting comp...

Descripción completa

Detalles Bibliográficos
Clasificación:Libro Electrónico
Autor principal: Wright, Craig
Otros Autores: Freedman, Brian, Liu, Dale
Formato: Electrónico eBook
Idioma:Inglés
Publicado: Burlington, MA : Syngress Pub., ©2008.
Temas:
Information technology > Management.
Information resources management > Auditing.
Technologie de l'information > Gestion.
Information technology > Management
Acceso en línea:Texto completo (Requiere registro previo con correo institucional)
Tabla de Contenidos:
  • Section 1: An Introduction to Information Systems Audit
  • Chapter 1? Introduction; Chapter 2
  • Evolution of Information Systems; Chapter 3
  • The Information Systems Audit Program; Chapter 4? Planning; Chapter 5
  • Information Gathering ; Chapter 6? Basic Auditing strategies and Techniques
  • Section 2: Security Policy and Procedures
  • Chapter 7? Security Policy overview; Chapter 8? Policy Issues and fundamentals; Chapter 9
  • Policy Development; Chapter 10
  • Assessing Security Awareness and Knowledge of Policy; Chapter 11
  • Reviewing & Assessing Information Systems Policy and Procedures
  • Section 3: Network Auditing
  • Chapter 12? An introduction to Network Audit; Chapter 13? Specialist Network Audit Topics; Chapter 14? Auditing Cisco Routers and Switches; Chapter 15
  • Testing the Firewall
  • Chapter 16? An Introduction to Wireless Technologies; Chapter 17?Wireless Audit Techniques; Chapter 18? Advanced Wireless Audit Techniques; Chapter 19
  • Analyzing The Results
  • Section 4: Systems Audit
  • Chapter 20
  • An Introduction to Systems Auditing; Chapter 21? Database Auditing; Chapter 22? Microsoft Windows Security and Audits; Chapter 23? Unix and Linux Audit; Chapter 24
  • Auditing Web-Based Applications; Chapter 25? Other Systems
  • Section 5: Other Issues for the Auditor
  • Chapter 26
  • Risk Management, Security Compliance and Audit Controls; Chapter 27
  • Information Systems Legislation; Chapter 28 -Operations Security; Chapter 29? Cryptography; Chapter 30? Malware
  • Appendix A
  • Preliminary Checklist to Gather Information; Appendix B
  • Generic Questionnaire for Meetings with Business Process Owners; Appendix C
  • Generic Questionnaire for Meetings with Technology Owners; Appendix D? Network and Systems Checklists; Appendix E
  • Data Classification; Appendix F
  • Data Retention; Appendix G
  • Backup and Recovery; Appendix H
  • Externally Hosted Services; Appendix I? Assessing Physical Security; Appendix J
  • Incident Handling and Response; Appendix K
  • Change Management; Appendix L? Sarbanes Oxley (SOX); Appendix M? PCI-DSS (Payment Card Industry? Data Security Standards); Appendix N
  • ISO/IEC 17799/27001: Policy, ISMS & Awareness; Appendix O? Financial Services Requirements (BASEL II, Gramm-Leach-Bliley Act of 1999); Appendix P? FISMA; Appendix Q
  • HIPAA Security; Appendix R? CobiT.
  • Introduction to IT compliance
  • Evolution on information systems
  • The information systems audit program
  • Planning
  • Information gathering
  • Security policy overview
  • Policy issues and fundamentals
  • Assessing security awareness and knowledge of policy
  • An introduction to network audit
  • Auditing Cisco routers and switches
  • Testing the firewall
  • Auditing and security with wireless technologies
  • Analyzing the results
  • An introduction to systems auditing
  • Database auditing
  • Microsoft Windows security and audits
  • Auditing UNIX and Linux
  • Auditing web-bases applications
  • Other systems
  • Risk management, security compliance, and audit controls
  • Information systems legislation
  • Operations security.

Ejemplares similares