IT Auditing Using Controls to Protect Information Assets 3rd edition by Chris Davis, Mike Schiller, Kevin Wheeler – Ebook PDF Instand Download/DeliveryISBN: 1260453235, 9781260453232
Full dowload IT Auditing Using Controls to Protect Information Assets 3rd edition after payment
Product details:
ISBN-10 : 1260453235
ISBN-13 : 9781260453232
Author: Chris Davis, Mike Schiller, Kevin Wheeler
Secure Your Systems Using the Latest IT Auditing Techniques Fully updated to cover leading-edge tools and technologies, IT Auditing: Using Controls to Protect Information Assets, Third Edition, explains, step by step, how to implement a successful, enterprise-wide IT audit program. New chapters on auditing cybersecurity programs, big data and data repositories, and new technologies are included. This comprehensive guide describes how to assemble an effective IT audit team and maximize the value of the IT audit function. In-depth details on performing specific audits are accompanied by real-world examples, ready-to-use checklists, and valuable templates. Standards, frameworks, regulations, and risk management techniques are also covered in this definitive resource.
IT Auditing Using Controls to Protect Information Assets 3rd Table of contents:
- Part I Audit Overview
- Chapter 1 Building an Effective Internal IT Audit Function
- Why Are We Here? (The Internal Audit Department’s Mission)
- Independence: The Great Myth
- Adding Value Outside of Formal Audits
- Business Advisory Audits
- Four Methods for Business Advisory Audits
- Early Involvement
- Informal Audits
- Knowledge Sharing
- Self-Assessments
- Continuous Auditing
- Final Thoughts on Adding Value Outside of Formal Audits
- Relationship Building: Partnering vs. Policing
- Learning to Build Partnerships
- The Role of the IT Audit Team
- Application Auditors (or Integrated Auditors)
- Data Extraction and Analysis Specialists
- IT Auditors
- Forming and Maintaining an Effective IT Audit Team
- Career IT Auditors
- IT Professionals
- Career IT Auditors vs. IT Professionals: Final Thoughts
- Co-sourcing
- Maintaining Expertise
- Sources of Learning
- Relationship with External Auditors and Internal Assurance Functions
- Summary
- Chapter 2 The Audit Process
- Internal Controls
- Types of Internal Controls
- Internal Control Examples
- Determining What to Audit
- Creating the Audit Universe
- Ranking the Audit Universe
- Determining What to Audit: Final Thoughts
- The Stages of an Audit
- Planning
- Fieldwork and Documentation
- Issue Discovery and Validation
- Solution Development
- Report Drafting and Issuance
- Issue Tracking
- Standards
- Summary
- Part II Auditing Techniques
- Chapter 3 Auditing Entity-Level Controls
- Background
- Test Steps for Auditing Entity-Level Controls
- Knowledge Base
- Master Checklist
- Chapter 4 Auditing Cybersecurity Programs
- Background
- Steps for Auditing Cybersecurity Programs
- Knowledge Base
- Master Checklist
- Chapter 5 Auditing Data Centers and Disaster Recovery
- Background
- Data Center Auditing Essentials
- Physical Security and Environmental Controls
- System and Site Resiliency
- Data Center Operations
- Disaster Preparedness
- Test Steps for Auditing Data Centers
- Neighborhood and External Risk Factors
- Physical Access Controls
- Environmental Controls
- Power and Electricity
- Fire Suppression
- Data Center Operations
- System Resiliency
- Data Backup and Restoration
- Disaster Recovery Planning
- Knowledge Base
- Master Checklists
- Chapter 6 Auditing Networking Devices
- Background
- Network Auditing Essentials
- Protocols
- OSI Model
- Routers and Switches
- LANs, VLANs, WANs, and WLANs
- Firewalls
- Auditing Switches, Routers, and Firewalls
- General Network Equipment Audit Steps
- Additional Switch Controls: Layer 2
- Additional Router Controls: Layer 3
- Additional Firewall Controls
- Additional Controls for Wireless Network Gear
- Tools and Technology
- Knowledge Base
- Master Checklists
- Chapter 7 Auditing Windows Servers
- Background
- Windows Auditing Essentials
- Command-Line Tips
- Essential Command-Line Tools
- Common Commands
- Server Administration Tools
- Performing the Audit
- Test Steps for Auditing Windows
- Initial Steps
- Account Management
- Permissions Management
- Network Security and Controls
- Security Monitoring and Other General Controls
- Tools and Technology
- Knowledge Base
- Master Checklist
- Chapter 8 Auditing Unix and Linux Operating Systems
- Background
- Unix and Linux Auditing Essentials
- Key Concepts
- File System Layout and Navigation
- File System Permissions
- Users and Authentication
- Network Services
- Test Steps for Auditing Unix and Linux
- Account Management
- Permissions Management
- Network Security and Controls
- Security Monitoring and Other General Controls
- Tools and Technology
- Network Vulnerability Scanners
- NMAP
- Malware Detection Tools
- Tools for Validating Password Strength
- Host-Based Vulnerability Scanners
- Shell/Awk/etc
- Knowledge Base
- Master Checklists
- Chapter 9 Auditing Web Servers and Web Applications
- Background
- Web Auditing Essentials
- One Audit with Multiple Components
- Part 1: Test Steps for Auditing the Host Operating System
- Part 2: Test Steps for Auditing Web Servers
- Part 3: Test Steps for Auditing Web Applications
- Additional Steps for Auditing Web Applications
- Tools and Technology
- Knowledge Base
- Master Checklists
- Chapter 10 Auditing Databases
- Background
- Database Auditing Essentials
- Common Database Vendors
- Database Components
- NoSQL Database Systems
- Test Steps for Auditing Databases
- Initial Steps
- Operating System Security
- Account Management
- Permissions Management
- Data Encryption
- Security Log Monitoring and Management
- Tools and Technology
- Auditing Tools
- Monitoring Tools
- Encryption Tools
- Knowledge Base
- Master Checklist
- Chapter 11 Auditing Big Data and Data Repositories
- Background
- Big Data and Data Repository Auditing Essentials
- Test Steps for Auditing Big Data and Data Repositories
- Knowledge Base
- Master Checklist
- Chapter 12 Auditing Storage
- Background
- Storage Auditing Essentials
- Key Storage Components
- Key Storage Concepts
- Test Steps for Auditing Storage
- Initial Steps
- Account Management
- Storage Management
- Encryption and Permissions Management
- Security Monitoring and Other General Controls
- Knowledge Base
- Master Checklists
- Chapter 13 Auditing Virtualized Environments
- Background
- Commercial and Open-Source Projects
- Virtualization Auditing Essentials
- Test Steps for Auditing Virtualization
- Initial Steps
- Account Management and Resource Provisioning/Deprovisioning
- Virtual Environment Management
- Security Monitoring and Additional Security Controls
- Knowledge Base
- Hypervisors
- Tools
- Master Checklists
- Chapter 14 Auditing End-User Computing Devices
- Background
- Part 1: Auditing Windows and Mac Client Systems
- Windows and Mac Auditing Essentials
- Test Steps for Auditing Windows and Mac Client Systems
- Tools and Technology
- Knowledge Base
- Part 2: Auditing Mobile Devices
- Mobile Device Auditing Essentials
- Test Steps for Auditing Mobile Devices
- Additional Considerations
- Tools and Technology
- Knowledge Base
- Master Checklists
- Chapter 15 Auditing Applications
- Background
- Application Auditing Essentials
- Test Steps for Auditing Applications
- Input Controls
- Interface Controls
- Audit Trails and Security Monitoring
- Account Management
- Permissions Management
- Software Change Controls
- Backup and Recovery
- Data Retention and Classification and User Involvement
- Operating System, Database, and Other Infrastructure Controls
- Master Checklists
- Chapter 16 Auditing Cloud Computing and Outsourced Operations
- Background
- Cloud Computing and Outsourced Operations Auditing Essentials
- IT Systems, Software, and Infrastructure Outsourcing
- IT Service Outsourcing
- Other Considerations for IT Service Outsourcing
- Third-Party Reports and Certifications
- Test Steps for Auditing Cloud Computing and Outsourced Operations
- Initial Steps
- Vendor Selection and Contracts
- Account Management and Data Security
- Operations and Governance
- Legal Concerns and Regulatory Compliance
- Tools and Technology
- Knowledge Base
- Master Checklist
- Chapter 17 Auditing Company Projects
- Background
- Project Auditing Essentials
- High-Level Goals of a Project Audit
- Basic Approaches to Project Auditing
- Waterfall and Agile Software Development Methodologies
- Seven Major Parts of a Project Audit
- Test Steps for Auditing Company Projects
- Overall Project Management
- Project Startup, Requirements Gathering, and Initial Design
- Detailed Design and System Development
- Testing
- Implementation
- Training
- Project Wrap-Up
- Knowledge Base
- Master Checklists
- Chapter 18 Auditing New/Other Technologies
- Background
- New/Other Technology Auditing Essentials
- Generalized Frameworks
- Best Practices
- Test Steps for Auditing New and Other Technologies
- Initial Steps
- Account Management
- Permissions Management
- Network Security and Controls
- Security Monitoring and Other General Controls
- Master Checklists
- Part III Frameworks, Standards, Regulations, and Risk Management
- Chapter 19 Frameworks and Standards
- Introduction to Internal IT Controls, Frameworks, and Standards
- COSO
- COSO Definition of Internal Control
- Key Concepts of Internal Control
- Internal Control–Integrated Framework
- Enterprise Risk Management–Integrated Framework
- Relationship Between Internal Control and Enterprise Risk Management Publications
- IT Governance
- IT Governance Maturity Model
- COBIT
- ITIL
- ITIL Concepts
- ISO 27001
- ISO 27001 Concepts
- NIST Cyber Security Framework
- NSA INFOSEC Assessment Methodology
- NSA INFOSEC Assessment Methodology Concepts
- Pre-assessment Phase
- Onsite Activities Phase
- Post-assessment Phase
- Frameworks and Standards Trends
- Knowledge Base
- Chapter 20 Regulations
- An Introduction to Legislation Related to Internal Controls
- Regulatory Impact on IT Audits
- History of Corporate Financial Regulation
- The Sarbanes-Oxley Act of 2002
- SOX’s Impact on Public Corporations
- Core Points of the SOX Act
- SOX’s Impact on IT Departments
- SOX Considerations for Companies with Multiple Locations
- Impact of Third-Party Services on SOX Compliance
- Specific IT Controls Required for SOX Compliance
- The Financial Impact of SOX Compliance on Companies
- Gramm-Leach-Bliley Act
- GLBA Requirements
- Federal Financial Institutions Examination Council
- General Data Protection Regulation
- Additional Privacy Regulations
- California Security Breach Information Act (SB 1386)
- California Consumer Privacy Act
- Canadian Personal Information Protection and Electronic Documentation Act
- Privacy Law Trends
- Health Insurance Portability and Accountability Act
- HIPAA Privacy and Security Rules
- The HITECH Act
- HIPAA’s Impact on Covered Entities
- EU Commission and Basel II
- Basel II Capital Accord
- Payment Card Industry Data Security Standard
- PCI Impact on the Payment Card Industry
- Other Regulatory Trends
- Knowledge Base
- Chapter 21 Risk Management
- Benefits of Risk Management
- Risk Management from an Executive Perspective
- Quantitative vs. Qualitative Risk Analysis
- Quantitative Risk Analysis
- Elements of Risk
- Practical Application
- Addressing Risk
People also search for IT Auditing Using Controls to Protect Information Assets 3rd:
it audit controls examples
it audit control and security
it audit controls
it auditing using controls to protect information assets third edition
what is information security auditing
Reviews
There are no reviews yet.