Download PDF IT Auditing: Using Controls to Protect Information Assets
Those are some of advantages reviewing IT Auditing: Using Controls To Protect Information Assets When you have decided to obtain and also check out guide, you have to allot the solution and get the easily to check out till finished. This book tends to be a needed book to require some responsibilities as well as activities. When other people are still stressed over the tasks as well as target date, you can really feel much more unwinded due to the fact that you have obtained the book perfectly.
IT Auditing: Using Controls to Protect Information Assets
Download PDF IT Auditing: Using Controls to Protect Information Assets
Numerous ready-books to read are supplied in this web site. We, as internet library site will certainly always offer more recent or late update of books from many countries worldwide. It will lead you to alleviate our way to seek for the alternative types of books. Without travelling, without investing much money, and also without investing much time end up being some benefits of taking books from this web site. And below, a IT Auditing: Using Controls To Protect Information Assets is among the most recent publication is welcome.
Leisure time ends up being a really valuable time for lots of people. This is the time to lose all worn out, exhausted, and also tired jobs or duties. Nonetheless, having too very long time will certainly make you really feel bored. Furthermore, you will feel that so when you have no tasks. To face the small issue, we reveal a publication IT Auditing: Using Controls To Protect Information Assets that can be a way to accompany you while being in the free time. It can be reviewing product, not as the cushion obviously.
This publication is truly conceptualized to use not only the recent life however additionally future. By offering the advantages of this IT Auditing: Using Controls To Protect Information Assets, maybe it will certainly lead you to not be doubt of it. Be one of the excellent readers worldwide that constantly check out the excellent quality book. With the certified books, you can develop your mind and idea. This is not only concerning the point of view; it's everything about the fact.
recognizing more about this publication, you can expose just how this book is vital for you to review. This is one of the reasons that you should review it. Nonetheless, the here and now IT Auditing: Using Controls To Protect Information Assets can be recommended to overcome the troubles that you face now, possibly. Also you have the best choice, getting information as well as factors to consider from a few other sources are requirement. You may have extra times to know about the problems as well as how you can address it. When you require home entertainment making fun, you can get some from this publication.
About the Author
Chris Davis, CISA, CISSP, shares his experience from architecting, hardening, and auditing systems. He has trained auditors and forensic analysts. Davis is the coauthor of the bestselling Hacking Exposed: Computer Forensics.Mike Schiller, CISA, has 14 years of experience in the IT audit field, most recently as the worldwide IT Audit Manager at Texas Instruments.Kevin Wheeler, CISA, CISSP, NSA IAM/IEM, is the founder and CEO of InfoDefense and has over ten years of IT security experience.
Read more
Product details
Paperback: 387 pages
Publisher: McGraw-Hill Osborne Media; 1 edition (December 22, 2006)
Language: English
ISBN-10: 9780072263435
ISBN-13: 978-0072263435
ASIN: 0072263431
Product Dimensions:
7.4 x 0.9 x 9.1 inches
Shipping Weight: 1.5 pounds
Average Customer Review:
4.4 out of 5 stars
8 customer reviews
Amazon Best Sellers Rank:
#1,417,275 in Books (See Top 100 in Books)
These authors have done a great job in putting this subject of diverse information into a concise but indepth book. The checklists are impressive.In my view IT Auditing is a convergence of knowledge of: IT Technical stuff, of the auditing process, of applicable laws, plus strong writing skills. This book covers the first three areas very well.I wish the authors had included some reference also to as to how to market one's skills as an IT Auditor, for those of us looking to get into this field.At best this occupational field is currently fragmented. A survey of major companies' sites shows how IT Auditing is not even listed in their career searches.Hopefully, these or other authors will address this aspect of information on this topic soon.
This book offers comprehensive and practical information of IT auditing for auditors and IT professionals. The topics that are covered range from auditing data centers, hardware (switches, routers, firewalls, web servers, WLAN and mobile devices), operating systems (Windows, Unix and Linux), databases and applications to audit standards and regulations. Some checklists of auditing techniques are very useful security tips for system administration and development. As a IT professional, I get to know computer auditing and how to better secure an application system from this book.
Excellent good book, good contents, it is a good guide to make an IT auditing
I've been an IT Auditor for 5 years, and I've found this to be the most valuable IT auditing generalist book. It's most useful in creating audit programs in unfamiliar areas, where it lays out the topics you should be covering in your audit, including questions to ask. Even in familiar audit areas, I skim through the relevant chapter to see if I'm missing something.
This book was surprisingly filled with good information. It is not a "certification" book, which seem to be the norm in IT auditing. This one is a good reference for the novice auditor.
Folks in the information security / IT audit space will enjoy this book. I mostly appreciate the check lists and audit programs at the end of each chapter.
I have no experience with auditing in the formal sense described by IT Auditing. I am familiar with the technical aspects of host and network security, but I wanted to know more about the goals and views of those who audit enterprises from a security standpoint. IT Auditing succeeds when it discusses the profession of auditing but I found some of the technical details lacking. Therefore, I recommend focusing on chapters 1-3 and 12-15, while using the technical chapters as indicators for outside research.Chapter 1 makes clear that IT Auditing is written for internal audit teams. The author argues that involvement is better than "independence," since adhering to the later business approach is a recipe for outsourcing the audit function. I liked the beginning and end of IT Auditing because they emphasized how internal audit teams should work with business IT functions. These chapters answered questions on whether or not audit should review and comment upon projects before completion (yes) and related "soft" topics.The middle of IT Auditing concentrates on how to audit data centers, infrastructure, operating systems, Web servers, databases, applications, and wireless/mobile devices. I found these chapters less appealing. When I read "it's much more common to find SNMP Version 2 in most corporate environment" (sic, p 121) or see mention of "Universal Data Ports (UDPs)" (sic, p 172) I question the validity of the technical recommendations. Other examples include equating NAT with proxies (p 117) and the statement that "network vulnerability scanning... is probably the most important type of security discovery or monitoring in most environments" I begin to understand the horror stories I hear from some who are audited.When it came to understanding the audit mindset, I think IT Auditing really helped me. It seems auditors are far more likely to be interested in reviewing paperwork than really assessing effectiveness of security controls. Repeatedly I read statements like "evaluate the effectiveness of the security personnel function" by looking at documentation. In a few areas auditors seem to understand the value of real tests, e.g., trying to restore a backup rather than reviewing logs saying backups were completed. This focus on validating paperwork over operational activity is the single biggest problem with audits. It's clear a "system" could pass all its audit checks with flying colors while still being completely compromised. (Yes, p 201-2 mentions Chkrootkit, but that program is only effective in limited scenarios.) Audit is configuration and paperwork validation, not system integrity assessment.I recommend reading IT Auditing if you want to get a better idea of how your auditors think and what they want to inspect. If you're an auditor who wants authoritative technical guidance you will probably learn more from dedicated system and network hardening books designed for administrators. IT Auditing's checklists can at least put you in the ballpark, however.
I want to start off by saying this is a very comprehensive book. This book provides you with good tools to ask your IT folks and things to look for. The subjects this book covers starts from the top to bottom. (entity level controls all the way down to application level controls). The book guides you to what is potentially important (to include in an audit report) and items that are housekeeping. Not only does it provide audit test steps, but it will provide you on how to tackle it. This book has advanced topics that directly deal with the status of IT presence in the corporate function. One thing that stood out to me was the powerful introduction the book provides about the role of Internal Audit and more specifically IT. This is a fun read! Hard to believe right?
IT Auditing: Using Controls to Protect Information Assets PDF
IT Auditing: Using Controls to Protect Information Assets EPub
IT Auditing: Using Controls to Protect Information Assets Doc
IT Auditing: Using Controls to Protect Information Assets iBooks
IT Auditing: Using Controls to Protect Information Assets rtf
IT Auditing: Using Controls to Protect Information Assets Mobipocket
IT Auditing: Using Controls to Protect Information Assets Kindle
0 komentar:
Posting Komentar