The IT regulatory and standards compliance handbook
This book provides comprehensive methodology, enabling the staff charged with an IT security audit to create a sound framework, allowing them to meet the challenges of compliance in a way that aligns with both business and technical needs. This "roadmap" provides a way of interpreting comp...
| Main Author: | |
|---|---|
| Other Authors: | , |
| Format: | eBook |
| Language: | English |
| Published: |
Burlington, MA
Syngress Pub.
2008
|
| Subjects: | |
| Online Access: | |
| Collection: | O'Reilly - Collection details see MPG.ReNa |
Table of Contents:
- Section 4: Systems Audit
- Chapter 20
- An Introduction to Systems Auditing; Chapter 21? Database Auditing; Chapter 22? Microsoft Windows Security and Audits; Chapter 23? Unix and Linux Audit; Chapter 24
- Auditing Web-Based Applications; Chapter 25? Other Systems
- Section 5: Other Issues for the Auditor
- Chapter 26
- Risk Management, Security Compliance and Audit Controls; Chapter 27
- Information Systems Legislation; Chapter 28 -Operations Security; Chapter 29? Cryptography; Chapter 30? Malware
- Appendix A
- Preliminary Checklist to Gather Information; Appendix B
- Generic Questionnaire for Meetings with Business Process Owners; Appendix C
- Generic Questionnaire for Meetings with Technology Owners; Appendix D? Network and Systems Checklists; Appendix E
- Data Classification; Appendix F
- Data Retention; Appendix G
- Backup and Recovery; Appendix H
- Externally Hosted Services; Appendix I? Assessing Physical Security; Appendix J
- Includes bibliographical references and index
- Introduction to IT compliance
- Evolution on information systems
- The information systems audit program
- Planning
- Information gathering
- Security policy overview
- Policy issues and fundamentals
- Assessing security awareness and knowledge of policy
- An introduction to network audit
- Auditing Cisco routers and switches
- Testing the firewall
- Auditing and security with wireless technologies
- Analyzing the results
- An introduction to systems auditing
- Database auditing
- Microsoft Windows security and audits
- Auditing UNIX and Linux
- Auditing web-bases applications
- Other systems
- Risk management, security compliance, and audit controls
- Information systems legislation
- Operations security
- Section 1: An Introduction to Information Systems Audit
- Chapter 1? Introduction; Chapter 2
- Evolution of Information Systems; Chapter 3
- The Information Systems Audit Program; Chapter 4? Planning; Chapter 5
- Information Gathering ; Chapter 6? Basic Auditing strategies and Techniques
- Section 2: Security Policy and Procedures
- Chapter 7? Security Policy overview; Chapter 8? Policy Issues and fundamentals; Chapter 9
- Policy Development; Chapter 10
- Assessing Security Awareness and Knowledge of Policy; Chapter 11
- Reviewing & Assessing Information Systems Policy and Procedures
- Section 3: Network Auditing
- Chapter 12? An introduction to Network Audit; Chapter 13? Specialist Network Audit Topics; Chapter 14? Auditing Cisco Routers and Switches; Chapter 15
- Testing the Firewall
- Chapter 16? An Introduction to Wireless Technologies; Chapter 17?Wireless Audit Techniques; Chapter 18? Advanced Wireless Audit Techniques; Chapter 19
- Analyzing The Results
- Incident Handling and Response; Appendix K
- Change Management; Appendix L? Sarbanes Oxley (SOX); Appendix M? PCI-DSS (Payment Card Industry? Data Security Standards); Appendix N
- ISO/IEC 17799/27001: Policy, ISMS & Awareness; Appendix O? Financial Services Requirements (BASEL II, Gramm-Leach-Bliley Act of 1999); Appendix P? FISMA; Appendix Q
- HIPAA Security; Appendix R? CobiT.