The IT regulatory and standards compliance handbook

This book provides comprehensive methodology, enabling the staff charged with an IT security audit to create a sound framework, allowing them to meet the challenges of compliance in a way that aligns with both business and technical needs. This "roadmap" provides a way of inte...


Bibliographic Details
Main author: Wright, Craig (-)
Other authors: Freedman, Brian, Liu, Dale
Format: Electronic book
Language: English
Published: Burlington, MA : Syngress Pub c2008.
Edition: 1st edition
Subjects:
View at Biblioteca Universitat Ramon Llull: https://discovery.url.edu/permalink/34CSUC_URL/1im36ta/alma991009627475506719
Table of Contents:
  • Front Cover; The IT Regulatory and Standards Compliance Handbook; Copyright Page; Lead Author; Technical Editors; Contents; Chapter 1: Introduction to IT Compliance; Introduction; Does Security Belong within IT?; Management Support; Job Roles and Responsibilities; What Are Audits, Assessments, and Reviews?; Audit; Inspection and Reviews; Penetration Tests and Red Teaming; Ethical Attacks; Vulnerability Assessment; GAP Analysis; Black and White Box Testing; Tools-Based Scanning; Agreed Procedures Review; Acceptance Testing; Data Conversion; The Taxonomy; Vulnerability; Threat-Source; Threat
  • Risk; Risk Management; The Decision Test of the Process; Controls; Definition of Internal Control; Key Concepts; Key Controls; Operational Controls; General Controls; Application Controls; IT Governance; Other Terms; Objectivity; Ethics; Ethics, "The 10 Commandments of Computer Ethics"; Planning; Examining and Evaluating Information; A Preliminary Survey; The Program-Criteria for Defining Procedures; The Program; Introduction and Background; Purpose and Scope of the Report; Objectives of the Project; Definition of Terms; Procedures; ISACA; CISA; COBIT; GSNA (SANS/GIAC)
  • IIA (The Institute of Internal Auditors); CIA; FISCAM; Summary; Chapter 2: Evolution of Information Systems; Introduction; Terminology Used in This Book; The Primary Objective of Auditing; The Threat Scene; Threats; Attack Levels; Critical; High; Medium; Low; Suspicious; Modifiers; A High Volume of Attacks; Skilled and/or Unexpected Attacks; Definition Matrix; Threat Matrix; Targeted Attacks; "Hacktivism"; Cyber Terrorism; Common Criminals; Insider Attacks; Miscellaneous Attackers; Methods of Attack; Information Collection; Unobtrusive Public Research; Social Engineering; Scanning
  • System Break-Ins; Follow-up and Continuing Attacks; Attack Chaining; Vandalism; Denial-of-Service (DoS) Attacks; Single-Message DoS Attacks; Flooding Denial-of-Service (DDoS) Attacks or Distributed DoS Attacks; Smurf Attacks; Land Attacks; Flooding Attacks; Hostile Code; What Is Hostile Code?; Viruses; Bombs; Trojans; Worms; Policy > Procedure > Audit; Summary; Chapter 3: The Information Systems Audit Program; Introduction; Audit Checklists; Baselines; Baselines and Automation; Assurance; Testing Your Organization's Security; Objectivity; Standards and Ethics
  • Protection Testing, Internet Security Assessments, and Ethical Attacks; Protection Testing or Internet Assessments; Why People Do Protection Testing; Penetration Testing or Ethical Attacks vs. Protection Testing; Miscellaneous Tests; Server Operating System Security Analysis; Phone Line Scanning; Phone / War Dialing Audit Project Tasks; Social Engineering; BCP/DR Testing: Disaster Readiness Assessment; What Is Covered in a BCP/DR Review?; What Does BCP Cover?; Developing an Audit Manual; Preliminary Survey; Criteria for Defining Procedures; The Program; When to Prepare the Program
  • The Final Report