CITATION

Davis, Chris; Schiller, Mike; and Wheeler, Kevin. IT Auditing Using Controls to Protect Information Assets, 2nd Edition. US: McGraw-Hill Osborne Media, 2011.

IT Auditing Using Controls to Protect Information Assets, 2nd Edition

Published: January 2011

eISBN: 9780071742399 0071742395 | ISBN: 9780071742382
  • Contents
  • Foreword
  • Acknowledgments
  • Introduction
  • Part I: Audit Overview
    • Chapter 1 Building an Effective Internal IT Audit Function
      • Independence: The Great Myth
      • Consulting and Early Involvement
      • Four Methods for Consulting and Early Involvement
      • Relationship Building: Partnering vs. Policing
      • The Role of the IT Audit Team
      • Forming and Maintaining an Effective IT Audit Team
      • Maintaining Expertise
      • Relationship with External Auditors
      • Summary
    • Chapter 2 The Audit Process
      • Internal Controls
      • Determining What to Audit
      • The Stages of an Audit
      • Standards
      • Summary
  • Part II: Auditing Techniques
    • Chapter 3 Auditing Entity-Level Controls
      • Background
      • Test Steps for Auditing Entity-Level Controls
      • Knowledge Base
      • Master Checklist
    • Chapter 4 Auditing Data Centers and Disaster Recovery
      • Background
      • Data Center Auditing Essentials
      • Test Steps for Auditing Data Centers
      • Knowledge Base
      • Master Checklists
    • Chapter 5 Auditing Routers, Switches, and Firewalls
      • Background
      • Network Auditing Essentials
      • Auditing Switches, Routers, and Firewalls
      • Tools and Technology
      • Knowledge Base
      • Master Checklists
    • Chapter 6 Auditing Windows Operating Systems
      • Background
      • Windows Auditing Essentials
      • Test Steps for Auditing Windows
      • How to Perform a Simplified Audit of a Windows Client
      • Tools and Technology
      • Knowledge Base
      • Master Checklists
    • Chapter 7 Auditing Unix and Linux Operating Systems
      • Background
      • Unix and Linux Auditing Essentials
      • Test Steps for Auditing Unix and Linux
      • Tools and Technology
      • Knowledge Base
      • Master Checklists
    • Chapter 8 Auditing Web Servers and Web Applications
      • Background
      • Web Auditing Essentials
      • Part 1: Test Steps for Auditing the Host Operating System
      • Part 2: Test Steps for Auditing Web Servers
      • Part 3: Test Steps for Auditing Web Applications
      • Tools and Technology
      • Knowledge Base
      • Master Checklists
    • Chapter 9 Auditing Databases
      • Background
      • Database Auditing Essentials
      • Test Steps for Auditing Databases
      • Tools and Technology
      • Knowledge Base
      • Master Checklist
    • Chapter 10 Auditing Storage
      • Background
      • Storage Auditing Essentials
      • Test Steps for Auditing Storage
      • Knowledge Base
      • Master Checklists
    • Chapter 11 Auditing Virtualized Environments
      • Background
      • Virtualization Auditing Essentials
      • Test Steps for Auditing Virtualization
      • Knowledge Base
      • Master Checklists
    • Chapter 12 Auditing WLAN and Mobile Devices
      • Background
      • WLAN and Mobile Device Auditing Essentials
      • Test Steps for Auditing Wireless LANs
      • Test Steps for Auditing Mobile Devices
      • Additional Considerations
      • Tools and Technology
      • Knowledge Base
      • Master Checklists
    • Chapter 13 Auditing Applications
      • Background
      • Application Auditing Essentials
      • Test Steps for Auditing Applications
      • Master Checklists
    • Chapter 14 Auditing Cloud Computing and Outsourced Operations
      • Background
      • Test Steps for Auditing Cloud Computing and Outsourced Operations
      • Knowledge Base
      • Master Checklist
    • Chapter 15 Auditing Company Projects
      • Background
      • Project Auditing Essentials
      • Test Steps for Auditing Company Projects
      • Knowledge Base
      • Master Checklists
  • Part III: Frameworks, Standards, and Regulations
    • Chapter 16 Frameworks and Standards
      • Introduction to Internal IT Controls, Frameworks, and Standards
      • COSO
      • COBIT
      • ITIL
      • ISO 27001
      • NSA INFOSEC Assessment Methodology
      • Frameworks and Standards Trends
    • Chapter 17 Regulations
      • An Introduction to Legislation Related to Internal Controls
      • The Sarbanes-Oxley Act of 2002
      • Gramm-Leach-Bliley Act
      • Privacy Regulations
      • Health Insurance Portability and Accountability Act of 1996
      • EU Commission and Basel II
      • Payment Card Industry (PCI) Data Security Standard
      • Other Regulatory Trends
    • Chapter 18 Risk Management
      • Benefits of Risk Management
      • Risk Management from an Executive Perspective
      • Quantitative Risk Analysis
      • Qualitative Risk Analysis
      • IT Risk Management Life Cycle
      • Summary of Formulas
  • Index