| LEADER | 01640cam a22004454a 4500 |
| 001 |
9977373163602122 |
| 005 |
20080926195745.0 |
| 008 |
080218t20082008maua b 001 0 eng |
| 010 |
|
$a 2008275631 |
| 015 |
|
$aGBA8A4338$2bnb |
| 016 |
7_
|
$a014590872$2Uk |
| 020 |
|
$a1597492663 |
| 020 |
|
$a9781597492669 |
| 035 |
|
$a(OCoLC)ocn192082627 |
| 035 |
|
$a(WU)7737316-uwmadisondb |
| 035 |
|
$a(EXLNZ-01UWI_NETWORK)9910059787902121 |
| 040 |
|
$aDLC$beng$cDLC$dYDXCP$dBTCTA$dBAKER$dINT$dUKM$dGZM |
| 049 |
|
$aGZMA |
| 050 |
00
|
$aHF5548.35$b.W75 2008 |
| 082 |
04
|
$a658.478$222 |
| 100 |
1_
|
$aWright, Craig. |
| 245 |
14
|
$aThe IT regulatory and standards compliance handbook /$cCraig Wright, Brian Freedman, Dale Liu. |
| 246 |
1_
|
$iSubtitle on cover:$aHow to survive an information systems audit and assessments |
| 264 |
_1
|
$aBurlington, MA :$bSyngress Pub.,$c[2008] |
| 264 |
_4
|
$c©2008 |
| 300 |
|
$axlii, 715 pages :$billustrations ;$c24 cm |
| 336 |
|
$atext$btxt$2rdacontent |
| 337 |
|
$aunmediated$bn$2rdamedia |
| 338 |
|
$avolume$bnc$2rdacarrier |
| 504 |
|
$aIncludes bibliographical references and index. |
| 650 |
_0
|
$aInformation technology$xManagement. |
| 650 |
_0
|
$aInformation resources management$xAuditing. |
| 700 |
1_
|
$aFreedman, Brian. |
| 700 |
1_
|
$aLiu, Dale. |
| 856 |
42
|
$3Publisher description$uhttp://www.loc.gov/catdir/enhancements/fy0838/2008275631-d.html |
| 938 |
|
$aYBP Library Services$bYANK$n2774740 |
| 938 |
|
$aBaker and Taylor$bBTCP$nBK0007645698 |
| 938 |
|
$aBaker & Taylor$bBKTY$c69.95$d69.95$i1597492663$n0007645698$sactive |
| 949 |
|
$a20080926$bsas$cd$dnt$ep$fcall:n$grepl:n$hgls |
| 994 |
|
$aC0$bGZM |
| 997 |
|
$aMARCIVE |
| LEADER | 06093cam a2200481Ia 4500 |
| 001 |
9982140523602122 |
| 005 |
20230118174125.0 |
| 006 |
m d |
| 007 |
cr cn||||||||| |
| 008 |
081117t20082008maua sb 001 0 eng d |
| 020 |
|
$a1597492663 |
| 020 |
|
$a9781597492669 |
| 029 |
1_
|
$aNZ1$b13068737 |
| 035 |
|
$a(OCoLC)ocn272382259 |
| 035 |
|
$a(WU)8214052-uwmadisondb |
| 035 |
|
$a(EXLNZ-01UWI_NETWORK)9910084874402121 |
| 037 |
|
$a154321:154483$bElsevier Science & Technology$nhttp://www.sciencedirect.com |
| 040 |
|
$aOPELS$beng$cOPELS |
| 049 |
|
$aGZMA |
| 050 |
14
|
$aHF5548.35$b.W75 2008eb |
| 082 |
04
|
$a004.068/1$222 |
| 082 |
04
|
$a658.478$222 |
| 100 |
1_
|
$aWright, Craig. |
| 245 |
14
|
$aThe IT regulatory and standards compliance handbook /$cCraig Wright, Brian Freedman, Dale Liu. |
| 264 |
_1
|
$aBurlington, MA :$bSyngress Pub.,$c[2008] |
| 264 |
_4
|
$c©2008 |
| 300 |
|
$axlii, 715 pages :$billustrations |
| 336 |
|
$atext$btxt$2rdacontent |
| 337 |
|
$acomputer$bc$2rdamedia |
| 338 |
|
$aonline resource$bcr$2rdacarrier |
| 500 |
|
$a"How to survive an information systems audit and assessments"--Cover. |
| 500 |
|
$aTitle from title screen (viewed on Nov. 14, 2008). |
| 504 |
|
$aIncludes bibliographical references and index. |
| 505 |
0_
|
$aIntroduction to IT compliance -- Evolution on information systems -- The information systems audit program -- Planning -- Information gathering -- Security policy overview -- Policy issues and fundamentals -- Assessing security awareness and knowledge of policy -- An introduction to network audit -- Auditing Cisco routers and switches -- Testing the firewall -- Auditing and security with wireless technologies -- Analyzing the results -- An introduction to systems auditing -- Database auditing -- Microsoft Windows security and audits -- Auditing UNIX and Linux -- Auditing web-bases applications -- Other systems -- Risk management, security compliance, and audit controls -- Information systems legislation -- Operations security. |
| 505 |
0_
|
$aSection 1: An Introduction to Information Systems Audit -- Chapter 1 ? Introduction; Chapter 2 - Evolution of Information Systems; Chapter 3 - The Information Systems Audit Program; Chapter 4 ? Planning; Chapter 5 - Information Gathering ; Chapter 6 ? Basic Auditing strategies and Techniques -- Section 2: Security Policy and Procedures -- Chapter 7 ? Security Policy overview; Chapter 8 ? Policy Issues and fundamentals; Chapter 9 - Policy Development; Chapter 10 - Assessing Security Awareness and Knowledge of Policy; Chapter 11 - Reviewing & Assessing Information Systems Policy and Procedures -- Section 3: Network Auditing -- Chapter 12 ? An introduction to Network Audit; Chapter 13 ? Specialist Network Audit Topics; Chapter 14 ? Auditing Cisco Routers and Switches; Chapter 15 - Testing the Firewall -- Chapter 16 ? An Introduction to Wireless Technologies; Chapter 17 ?Wireless Audit Techniques; Chapter 18 ? Advanced Wireless Audit Techniques; Chapter 19 - Analyzing The Results -- Section 4: Systems Audit -- Chapter 20 - An Introduction to Systems Auditing; Chapter 21 ? Database Auditing; Chapter 22 ? Microsoft Windows Security and Audits; Chapter 23 ? Unix and Linux Audit; Chapter 24 - Auditing Web-Based Applications; Chapter 25 ? Other Systems -- Section 5: Other Issues for the Auditor -- Chapter 26 - Risk Management, Security Compliance and Audit Controls; Chapter 27 - Information Systems Legislation; Chapter 28 -Operations Security; Chapter 29 ? Cryptography; Chapter 30 ? Malware -- Appendix A - Preliminary Checklist to Gather Information; Appendix B - Generic Questionnaire for Meetings with Business Process Owners; Appendix C - Generic Questionnaire for Meetings with Technology Owners; Appendix D ? Network and Systems Checklists; Appendix E - Data Classification; Appendix F - Data Retention; Appendix G - Backup and Recovery; Appendix H - Externally Hosted Services; Appendix I ? Assessing Physical Security; Appendix J - Incident Handling and Response; Appendix K - Change Management; Appendix L ? Sarbanes Oxley (SOX); Appendix M ? PCI-DSS (Payment Card Industry ? Data Security Standards); Appendix N - ISO/IEC 17799/27001: Policy, ISMS & Awareness; Appendix O ? Financial Services Requirements (BASEL II, Gramm-Leach-Bliley Act of 1999); Appendix P ? FISMA; Appendix Q - HIPAA Security; Appendix R ? CobiT. |
| 520 |
|
$aThis book provides comprehensive methodology, enabling the staff charged with an IT security audit to create a sound framework, allowing them to meet the challenges of compliance in a way that aligns with both business and technical needs. This "roadmap" provides a way of interpreting complex, often confusing, compliance requirements within the larger scope of an organization's overall needs. Key Features: * The ulitmate guide to making an effective security policy and controls that enable monitoring and testing against them * The most comprehensive IT compliance template available, giving detailed information on testing all your IT security, policy and governance requirements * A guide to meeting the minimum standard, whether you are planning to meet ISO 27001, PCI-DSS, HIPPA, FISCAM, COBIT or any other IT compliance requirement * Both technical staff responsible for securing and auditing information systems and auditors who desire to demonstrate their technical expertise will gain the knowledge, skills and abilities to apply basic risk analysis techniques and to conduct a technical audit of essential information systems from this book * This technically based, practical guide to information systems audit and assessment will show how the process can be used to meet myriad compliance issues. |
| 650 |
_0
|
$aInformation resources management$xAuditing. |
| 650 |
_0
|
$aInformation technology$xManagement. |
| 700 |
1_
|
$aFreedman, Brian. |
| 700 |
1_
|
$aLiu, Dale. |
| 710 |
2_
|
$aScienceDirect (Online service) |
| 776 |
1_
|
$cOriginal$z1597492663$z9781597492669$w(DLC) 2008275631$w(OCoLC)192082627 |
| 856 |
40
|
$uhttp://www.sciencedirect.com/science/book/9781597492669$zAvailable through ScienceDirect |
| 997 |
|
$aMARCIVE |
| LEADER | 05273nam 22006134a 4500 |
| 001 |
991023323102302122 |
| 005 |
20230120005636.0 |
| 006 |
m o d | |
| 007 |
cr -n--------- |
| 008 |
080802s2008 maua ob 001 0 eng |
| 010 |
|
$z 2008275631 |
| 020 |
|
$a1-281-75501-X |
| 020 |
|
$a9786611755010 |
| 020 |
|
$a0-08-056017-2 |
| 035 |
|
$a(CKB)1000000000547665 |
| 035 |
|
$a(EBL)405535 |
| 035 |
|
$a(OCoLC)437246462 |
| 035 |
|
$a(SSID)ssj0000075604 |
| 035 |
|
$a(PQKBManifestationID)11110163 |
| 035 |
|
$a(PQKBTitleCode)TC0000075604 |
| 035 |
|
$a(PQKBWorkID)10130191 |
| 035 |
|
$a(PQKB)10934722 |
| 035 |
|
$a(MiAaPQ)EBC405535 |
| 035 |
|
$a(CaSebORM)9781597492669 |
| 035 |
|
$a(OCoLC)354465274 |
| 035 |
|
$a(OCoLC)ocm354465274 |
| 035 |
|
$a(EXLCZ)991000000000547665 |
| 040 |
|
$aMiAaPQ$cMiAaPQ$dMiAaPQ |
| 041 |
|
$aeng |
| 050 |
_4
|
$aHF5548.35$b.W75 2008 |
| 082 |
00
|
$a004.068/1$a658.4038011 |
| 090 |
|
$aHF5548.35$b.W75 2008 |
| 100 |
1_
|
$aWright, Craig. |
| 245 |
14
|
$aThe IT regulatory and standards compliance handbook$h[electronic resource] /$cCraig Wright, Brian Freedman, Dale Liu. |
| 250 |
|
$a1st edition |
| 260 |
|
$aBurlington, MA :$bSyngress Pub.,$cc2008. |
| 300 |
|
$a1 online resource (758 p.) |
| 336 |
|
$atext$btxt |
| 337 |
|
$acomputer$bc |
| 338 |
|
$aonline resource$bcr |
| 347 |
|
$atext file |
| 505 |
0_
|
$aFront Cover; The IT Regulatory and Standards Compliance Handbook; Copyright Page; Lead Author; Technical Editors; Contents; Chapter 1: Introduction to IT Compliance; Introduction; Does Security Belong within IT?; Management Support; Job Roles and Responsibilities; What Are Audits, Assessments, and Reviews?; Audit; Inspection and Reviews; Penetration Tests and Red Teaming; Ethical Attacks; Vulnerability Assessment; GAP Analysis; Black and White Box Testing; Tools-Based Scanning; Agreed Procedures Review; Acceptance Testing; Data Conversion; The Taxonomy; Vulnerability; Threat-Source; Threat |
| 505 |
8_
|
$aRiskRisk Management; The Decision Test of the Process; Controls; Definition of Internal Control; Key Concepts; Key Controls; Operational Controls; General Controls; Application Controls; IT Governance; Other Terms; Objectivity; Ethics; Ethics, "The 10 Commandments of Computer Ethics"; Planning; Examining and Evaluating Information; A Preliminary Survey; The Program-Criteria for Defining Procedures; The Program; Introduction and Background; Purpose and Scope of the Report; Objectives of the Project; Definition of Terms; Procedures; ISACA; CISA; COBIT; GSNA (SANS/GIAC) |
| 505 |
8_
|
$aIIA (The Institute of Internal Auditors)CIA; FISCAM; Summary; Chapter 2: Evolution of Information Systems; Introduction; Terminology Used in This Book; The Primary Objective of Auditing; The Threat Scene; Threats; Attack Levels; Critical; High; Medium; Low; Suspicious; Modifiers; A High Volume of Attacks; Skilled and/or Unexpected Attacks; Definition Matrix; Threat Matrix; Targeted Attacks; "Hacktivisim"; Cyber Terrorism; Common Criminals; Insider Attacks; Miscellaneous Attackers; Methods of Attack; Information Collection; Unobtrusive Public Research; Social Engineering; Scanning |
| 505 |
8_
|
$aSystem Break-InsFollow-up and Continuing Attacks; Attack Chaining; Vandalism; Denial-of-Service (DoS) Attacks; Single-Message DoS Attacks; Flooding Denial-of-Service (DDoS) Attacks or Distributed DoS Attacks; Smurf Attacks; Land Attacks; Flooding Attacks; Hostile Code; What Is Hostile Code?; Viruses; Bombs; Trojans; Worms; Policy > Procedure > Audit; Summary; Chapter 3: The Information Systems Audit Program; Introduction; Audit Checklists; Baselines; Baselines and Automation; Assurance; Testing Your Organization's Security; Objectivity; Standards and Ethics |
| 505 |
8_
|
$aProtection Testing, Internet Security Assessments, and Ethical AttacksProtection Testing or Internet Assessments; Why People Do Protection Testing; Penetration Testing or Ethical Attacks Vs Protection Testing; Miscellaneous Tests; Server Operating System Security Analysis; Phone Line Scanning; Phone / War dialing Audit Project Tasks; Social Engineering; BCP/DR Testing: Disaster Readiness Assessment; What Is Covered in a BCP/DR Review?; What Does BCP Cover?; Developing an Audit Manual; Preliminary Survey; Criteria for Defining Procedures; The Program; When to Prepare the Program |
| 505 |
8_
|
$aThe Final Report |
| 520 |
|
$aThis book provides comprehensive methodology, enabling the staff charged with an IT security audit to create a sound framework, allowing them to meet the challenges of compliance in a way that aligns with both business and technical needs. This ""roadmap"" provides a way of interpreting complex, often confusing, compliance requirements within the larger scope of an organization's overall needs.Key Features:* The ulitmate guide to making an effective security policy and controls that enable monitoring and testing against them* The most comprehensive IT compliance templa |
| 546 |
|
$aEnglish |
| 500 |
|
$a"How to survive an information systems audit and assessments"--Cover. |
| 504 |
|
$aIncludes bibliographical references and index. |
| 650 |
_0
|
$aInformation technology$xManagement. |
| 650 |
_0
|
$aInformation resources management$xAuditing. |
| 700 |
1_
|
$aFreedman, Brian. |
| 700 |
1_
|
$aLiu, Dale. |
| 776 |
|
$z1-59749-266-3 |
| 906 |
|
$aBOOK |