IT Auditing: Using Controls to Protect Information Assets

Book Description

Protect Your Systems with Proven IT Auditing Strategies

"A must-have for auditors and IT professionals." -Doug Dexter, CISSP-ISSMP, CISA, Audit Team Lead, Cisco Systems, Inc.

Plan for and manage an effective IT audit program using the in-depth information contained in this comprehensive resource. Written by experienced IT audit and security professionals, IT Auditing: Using Controls to Protect Information Assets covers the latest auditing tools alongside real-world examples, ready-to-use checklists, and valuable templates. Inside, you'll learn how to analyze Windows, UNIX, and Linux systems; secure databases; examine wireless networks and devices; and audit applications. Plus, you'll get up-to-date information on legal standards and practices, privacy and ethical issues, and the CobiT standard.

Build and maintain an IT audit function with maximum effectiveness and value

Implement best practice IT audit processes and controls
Analyze UNIX-, Linux-, and Windows-based operating systems
Audit network routers, switches, firewalls, WLANs, and mobile devices
Evaluate entity-level controls, data centers, and disaster recovery plans
Examine Web servers, platforms, and applications for vulnerabilities
Review databases for critical controls
Use the COSO, CobiT, ITIL, ISO, and NSA INFOSEC methodologies
Implement sound risk analysis and risk management practices
Drill down into applications to find potential control weaknesses

Customer Reviews:

Excellent practical coverage of IT Auditing.......2007-06-07

This is by far the most useful book I've seen covering the subject matter of IT Audits in more than 20 years of IT Auditing. I noticed that ISACA picked up this book as part of their bookstore. The narrative is easy to read throughout the book and the book is laid out and formatted thoughtfully.

I now manage the IT Audit function for a large US-based bank and found the first three chapters (Building an Effective IT Audit Function; The Audit Process; and Auditing Entity Level Controls) particularly well done for understanding how to build the IT Audit team into your environment technically and politically.

The next section of the book, Chapters 4-12 (Data Centers/DR; Switches, Routers, Firewalls; Windows; UNIX and Linux; Web Servers; Databases; Applications; WLAN/Mobile; Company Projects) is solid, very well done, and consistent with other checklists we've used. The checklists are written from an auditor's perspective and contain an excellent level of detail covering what you should do, why, and how. Any more detail and a real world audit would never get completed before it was time to move on to the next audit. IT Audits provided my team members excellent guidance on two recent audits. My team liked the book's layout and level of detail. It's written at an appropriate and realistic level that an auditor can work his or her way through a checklist without getting overwhelmed.

Finally, the last section of the book (Frameworks and Standards; Regulations; and Risk Management) provides a good overview of the several standards and regulations we deal with every day. The chapter on Risk Management is one of the best reviews on that topic in a while.

Overall I think this is an exceptional book and I wouldn't hesitate to recommend this to someone in the IT Audit field.

Good if you focus on the auditing profession but ignore some tech details.......2007-05-06

I have no experience with auditing in the formal sense described by IT Auditing. I am familiar with the technical aspects of host and network security, but I wanted to know more about the goals and views of those who audit enterprises from a security standpoint. IT Auditing succeeds when it discusses the profession of auditing but I found some of the technical details lacking. Therefore, I recommend focusing on chapters 1-3 and 12-15, while using the technical chapters as indicators for outside research.

Chapter 1 makes clear that IT Auditing is written for internal audit teams. The author argues that involvement is better than "independence," since adhering to the later business approach is a recipe for outsourcing the audit function. I liked the beginning and end of IT Auditing because they emphasized how internal audit teams should work with business IT functions. These chapters answered questions on whether or not audit should review and comment upon projects before completion (yes) and related "soft" topics.

The middle of IT Auditing concentrates on how to audit data centers, infrastructure, operating systems, Web servers, databases, applications, and wireless/mobile devices. I found these chapters less appealing. When I read "it's much more common to find SNMP Version 2 in most corporate environment" (sic, p 121) or see mention of "Universal Data Ports (UDPs)" (sic, p 172) I question the validity of the technical recommendations. Other examples include equating NAT with proxies (p 117) and the statement that "network vulnerability scanning... is probably the most important type of security discovery or monitoring in most environments" I begin to understand the horror stories I hear from some who are audited.

When it came to understanding the audit mindset, I think IT Auditing really helped me. It seems auditors are far more likely to be interested in reviewing paperwork than really assessing effectiveness of security controls. Repeatedly I read statements like "evaluate the effectiveness of the security personnel function" by looking at documentation. In a few areas auditors seem to understand the value of real tests, e.g., trying to restore a backup rather than reviewing logs saying backups were completed. This focus on validating paperwork over operational activity is the single biggest problem with audits. It's clear a "system" could pass all its audit checks with flying colors while still being completely compromised. (Yes, p 201-2 mentions Chkrootkit, but that program is only effective in limited scenarios.) Audit is configuration and paperwork validation, not system integrity assessment.

I recommend reading IT Auditing if you want to get a better idea of how your auditors think and what they want to inspect. If you're an auditor who wants authoritative technical guidance you will probably learn more from dedicated system and network hardening books designed for administrators. IT Auditing's checklists can at least put you in the ballpark, however.

Average customer rating:

ITS REALLY IMPRESSIVE
A Student Perspective
RON WEBER -AGIN ON IS AUDIT
Information Systems Control and Audit
THE textbook for cutting-edge auditing courses.

Information Systems Control and Audit
Ron A. Weber
Manufacturer: Prentice Hall
ProductGroup: Book
Binding: Hardcover

General | Business & Investing | Subjects | Books

MIS | Industries & Professions | Business & Investing | Subjects | Books

General & Reference | Technology | Science | Subjects | Books

General | Business & Finance | New & Used Textbooks | Stores | Books

All Titles | Qualifying Textbooks - Fall 2007 | Stores | Books

Business & Investing | Qualifying Textbooks - Fall 2007 | Stores | Books

Computers & Internet | Qualifying Textbooks - Fall 2007 | Stores | Books

Professional | Qualifying Textbooks - Fall 2007 | Stores | Books

Science | Qualifying Textbooks - Fall 2007 | Stores | Books
Similar Items:

ASIN: 0139478701

Book Description

This book provides a comprehensive up-to-date survey of the field of accounting information systems control and audit. Presents the most up-to-date technological advances in accounting information technology that have occurred within the last ten years. New material reflects the latest professional standards. The book covers essential subjects and topics, including conducting an information systems audit; frameworks for management and application controls; audit software; concurrent auditing techniques; and evaluating data integrity, system effectiveness, and system efficiency. An essential resource on information systems management for accounting professionals.

Customer Reviews:

ITS REALLY IMPRESSIVE.......2004-07-07

I being a first time reader of this book actually fell in love with the book. It is self explanatory and will leads u to become a good IT auditor if u got a comprehensive auditing back groud. i appreciate the effort by mr weber.

A Student Perspective.......2003-04-25

As a student, I have found this book to be a very difficult read. The chapters were filled with impossible to understand details. Perhaps for a practitioner the book is useful, but as an introductory textbook in a university course, it proved to be a very thick volume with litte useful information.

RON WEBER -AGIN ON IS AUDIT.......2000-01-05

I HAVE READ THE EARLIER BOOK 1988 OF THE SAME AUTHOR.THIS BOOK(EARLIER) HAS HELPED A LOT IN MY PROFESSION. NO BOOK HAS THIS MUCH DETAIL RIGHT FROM THE PROGRAME DESIGNING STAGE TILL THE MAINTENANCE. ESPECIALLY FOR THEAUDIT TEAM WHO ARE IN FIs AND BANKS THIS WILL SERVE AS A POWERFUL TOOL IN WRITING REPORTS CONTROLS. ETC. IT WOULD BE BETTER IF THE EDITION COMES OUT WITH ASIAN EDITION SO THAT WE CAN ACCESS TO THIS BOOK BY RON WEBER

Information Systems Control and Audit.......1999-12-01

a very good book if you are not a techie. this book has all the gritty details that one will ever need for IS auditing for the moment. however i tend to get bogged down by all the details in the book. also, as IT is evolving at a tremedous rate, therefore expect an updated version very soon. the MCQs and review questions at the end of every chapter are very comprehensive and ensures that you can really understand the material that has been discussed in the chapter.

THE textbook for cutting-edge auditing courses........1999-02-25

An excellent textbook that is both comprehensive and enjoyable. Numerous up-to-date examples make the material come alive, and the use of varied theoretical approaches transcends more traditional textbooks.

CISA Review Manual 2006 (CISA - Certified Information Systems Auditor)

Average customer rating:

CISA Review Manual 2006 (CISA - Certified Information Systems Auditor)
ISACA , and Information Systems Audit and Control Association
Manufacturer: ISACA
ProductGroup: Book
Binding: Spiral-bound

General | Reference | Subjects | Books
Similar Items:

CISA: Certified Information Systems Auditor Study Guide

ASIN: 1933284153

Product Description

CISA Review Manual 2006 is a comprehensive reference guide designed to assist individuals in preparing for the Certified Information Systems AuditorTM (CISA®) exam and for individuals who wish to learn more about the role and responsibility of an IS auditor. The 2006 edition of this manual is based on the current CISA job practice and has been significantly enhanced with additional topics and issues. The manual features detailed descriptions of the current tasks performed by IS auditors and the knowledge required to plan, manage and perform IS audits. The structure of the manual includes job content areas and related tasks that an IS auditor should know, including detailed explanations of relevant principles and practices. The 2006 edition also provides definitions, CISA exam practice questions similar in content to what has previously appeared on the CISA examination, and references where additional guidance can be found on specific topics. This manual can be used as a stand-alone document for individual study or as a guide or reference for study groups and chapters conducting local review courses. This manual has been developed and organized to assist in the study of the following areas: The IS audit process IT governance Systems and infrastructure life cycle managment IT delivery and support Protection of information assets Business continuity and disaster recovery

Information Technology Control and Audit

Average customer rating:

Not good for the CISA exam
Useful reference material
Finally a usable explanation of controls!
Too thin
Great resource

Information Technology Control and Audit

Manufacturer: Auerbach Publications
ProductGroup: Book
Binding: Hardcover

MIS | Industries & Professions | Business & Investing | Subjects | Books

Management | Management & Leadership | Business & Investing | Subjects | Books

General | Science | Subjects | Books

General | Computers & Internet | Subjects | Books
Similar Items:

ASIN: 0849399947

Book Description

As you know, today's complex computing environment and shrinking departmental budgets make it vital for IT auditors and security professionals to have practical guidance on conducting audits and ensuring security in today's stretched and quickly changing computing environments. Whether you're new to IT auditing or have years of experience, Information Technology Control and Audit provides you with tools and techniques to solve the audit, control, and security problems and issues you face today. It provides guidance on conducting IT audits on new and legacy systems, coverage of changes in financial and computing standards, explanations of the vulnerabilities of emerging systems, and tips on how to do your job more effectively.

Customer Reviews:

Not good for the CISA exam.......2007-10-02

I bought this book as an additional material to study for the CISA exam. However it didn't help me with the exam at all. Furthermore, in an attempt to cover many things, it did not cover anything in detail. This book is just an endless recollection of bullet points. On top of that, it misses very sensitive topics like disaster recovery planning.

Useful reference material.......2007-02-02

This book has some material relevant to the CISA examination based on the 2003 content areas, although it is not organized or focused as a CISA examination guide. If you are looking for CISA review material for the test, I would strongly suggest to stick with ISACA's combination of review manual and questions CD. I also searched everywhere for study aids for this grueling test and ended up using ISACA's expensive material, but it proved to be the best choice as I passed the Dec 2006 test.

However, as owner of a copy of this book, I assure you that this is an excellent reference of IT management, planning, implementation, risk assessment and control procedures for anyone in the IT business. Most of the material is still relevant as of 2007.

Finally a usable explanation of controls!.......2006-12-30

Audit is not the most exciting topic in the world, but this no fluff book really sets the standard. The care the authors took is obvious from the start, the table of contents is one of the most detailed I have ever seen, it allows the book to be used as a reference.

My favorite chapter was Quality Management, best job of making quality approachable I have seen to date. My least favorite was Project Management, it seemed to lack the application and lean to theory a bit.

I am not an auditor, but as an auditee, this book really helped me understand how they think. Recommended!

Too thin.......2006-03-24

This is a huge book but spends no more then 1 page on any topic. In my opinion the authors only have financial audit experience and little understanding of IT controls. This book shows the failure of the 'integrated auditor' as the authors are tyring to be IT auditors with little IT experience. They touch on some very good points in a few instances and, in general, the book is decent. The authors do not know much outside of the CISA, IIA and financial based certifications as they seem to think that the ISSA (Information Systems Security Assoc.) is sponsored by ISC2/CISSP's (it is not). Overall, I have not been impressed with this book.

Great resource.......2005-12-13

Not having much experience in the IT audit field, this book was a great resource and was easy to understand.

Auding IBM's Customer Information Control System (Internal audit briefings)

Average customer rating:

Auding IBM's Customer Information Control System (Internal audit briefings)
Albert Marcella
Manufacturer: Inst of Internal Auditors
ProductGroup: Book
Binding: Paperback

General | Business & Investing | Subjects | Books

General | Programming | Computers & Internet | Subjects | Books

Average customer rating:

Audit & Control of System Soft
Douglas
Manufacturer: International Publications Service
ProductGroup: Book
Binding: Hardcover

MIS | Industries & Professions | Business & Investing | Subjects | Books

Leadership | Management & Leadership | Business & Investing | Subjects | Books
ASIN: 085012400X

Audit and Control of Computerized Systems

Average customer rating:

Audit and Control of Computerized Systems
Jauier F. Kuong
Manufacturer: Management Advisory Publications
ProductGroup: Book
Binding: Ring-bound

Manager's Guides to Computing | Business & Culture | Computers & Internet | Subjects | Books

Network Security | Networking | Computers & Internet | Subjects | Books
ASIN: 0940706016

Audit and Control of Information Systems

Average customer rating:

Audit and Control of Information Systems
Frederick Gallegos , Dana R. Richardson , and A. Faye Borthick
Manufacturer: South-Western Educational Publishing
ProductGroup: Book
Binding: Hardcover

General | Business & Investing | Subjects | Books

Management | Management & Leadership | Business & Investing | Subjects | Books

General | Computers & Internet | Subjects | Books

General | Databases | Computers & Internet | Subjects | Books
ASIN: 0538109408

Certified Information Systems Auditor - CISA Review Questions, Answers & Explanations Manual 2006 (CISA Review Questions, Answers & Explanations Manual 2006)

Average customer rating:

Certified Information Systems Auditor - CISA Review Questions, Answers & Explanations Manual 2006 (CISA Review Questions, Answers & Explanations Manual 2006)
Information Systems Audit and Control Association
ProductGroup: Book
Binding: Spiral-bound
ASIN: 1933284161

Product Description

2006 Review Manual for obtaining Certification as an Information Systems Auditor. It is a 220 page manual which includes CISA review questions, answers & explanations.

CISA (Certified Information Systems Auditor) Review Questions, Answers and Explanations 2003

Average customer rating:

CISA (Certified Information Systems Auditor) Review Questions, Answers and Explanations 2003
ISACA; Information Systems Audit and Control Assoc
Manufacturer: Information Systems Audit & Control Association
ProductGroup: Book
Binding: Paperback
ASIN: B000OR6HJC

Product Description

With globalization and the growth of international trade on the rise, a true understanding of the laws and practices that govern international business dealings has never been more important. The Legal Side of International Transactions is an authoritative guide for executives and their attorneys on navigating the global marketplace and completing successful transactions, including cross-border acquisitions, investment in foreign companies, establishing a company presence abroad, and more. The eight seasoned attorneys in this book walk readers through the legal basics of international business and also provide insight gained from years of experience on the subtleties of the successful transaction. From exploring opportunities in growing markets like China and Latin America to structuring contracts and selecting a jurisdiction for dispute resolution, this book covers a broad spectrum of issues facing both corporations with a longstanding global presence and those! just beginning to contemplate opportunities abroad. The different niches represented and the breadth of perspectives presented enable readers to get inside some of the great legal minds of today as experts offer up their strategies for success in international transactions. About Inside the Minds: Inside the Minds provides readers with proven business intelligence from C-Level executives (Chairman, CEO, CFO, CMO, Partner) from the world's most respected companies nationwide, rather than third-party accounts from unknown authors and analysts. Each chapter is comparable to an essay/thought leadership piece and is a future-oriented look at where an industry, profession or topic is headed and the most important issues for the future. Through an exhaustive selection process, each author was hand-picked by the Inside the Minds editorial board to author a chapter for this book. This book is by: Bert W. Rein, Senior Partner, Wiley Rein & Fielding LLPGlobalization: Faster, Cheaper, Bigger; William M. Barron, Senior Partner, International Litigation, Alston & Bird LLPRepresenting Foreign Clients in Complex U.S. Litigation; Joseph W. Kimmell II, Chair, International Practice, Baker & Daniels LLPChina: Strategic Planning for the Mid-Sized Company; Timothy J. Murphy, International/Tax Practice Group Leader, Shutts & Bowen LLPPerspectives on Handling International Legal Transactions; Judd L. Kessler, Partner & Chair, International Business Practice Group, Porter Wright Morris & Arthur LLPPlanning for the Resolution of Potential International Disputes; Thomas B. McVey, Chair, International Practice, Williams MullenUnderstanding and Navigating the Global Business Environment; A. Lee Lundy Jr., Partner, Tydings & Rosenberg LLPInternational Dispute Resolution; Roberto R. Pupo, Partner, Hunton & Williams LLPThreshold Considerations in Advising Clients Conducting Latin American Transactions.

Download Description

With globalization and the growth of international trade on the rise, a true understanding of the laws and practices that govern international business dealings has never been more important. The Legal Side of International Transactions is an authoritative guide for executives and their attorneys on navigating the global marketplace and completing successful transactions, including cross-border acquisitions, investment in foreign companies, establishing a company presence abroad, and more. The eight seasoned attorneys in this book walk readers through the legal basics of international business and also provide insight gained from years of experience on the subtleties of the successful transaction. From exploring opportunities in growing markets like China and Latin America to structuring contracts and selecting a jurisdiction for dispute resolution, this book covers a broad spectrum of issues facing both corporations with a longstanding global presence and those just beginning to contemplate opportunities abroad. The different niches represented and the breadth of perspectives presented enable readers to get inside some of the great legal minds of today as experts offer up their strategies for success in international transactions. About Inside the Minds: Inside the Minds provides readers with proven business intelligence from C-Level executives (Chairman, CEO, CFO, CMO, Partner) from the world's most respected companies nationwide, rather than third-party accounts from unknown authors and analysts. Each chapter is comparable to an essay/thought leadership piece and is a future-oriented look at where an industry, profession or topic is headed and the most important issues for the future. Through an exhaustive selection process, each author was hand-picked by the Inside the Minds editorial board to author a chapter for this book. This book is by: Bert W. Rein, Senior Partner, Wiley Rein & Fielding LLP-"Globalization: Faster, Cheaper, Bigger"; William M. Barron, Senior Partner, International Litigation, Alston & Bird LLP-"Representing Foreign Clients in Complex U.S. Litigation"; Joseph W. Kimmell II, Chair, International Practice, Baker & Daniels LLP-"China: Strategic Planning for the Mid-Sized Company"; Timothy J. Murphy, International/Tax Practice Group Leader, Shutts & Bowen LLP-"Perspectives on Handling International Legal Transactions"; Judd L. Kessler, Partner & Chair, International Business Practice Group, Porter Wright Morris & Arthur LLP-"Planning for the Resolution of Potential International Disputes"; Thomas B. McVey, Chair, International Practice, Williams Mullen-"Understanding and Navigating the Global Business Environment"; A. Lee Lundy Jr., Partner, Tydings & Rosenberg LLP-"International Dispute Resolution"; Roberto R. Pupo, Partner, Hunton & Williams LLP-"Threshold Considerations in Advising Clients Conducting Latin American Transactions."

Customer Reviews:

Contents:.......2004-06-02

Here, set quietly and with understanding are the phenomena of American rural living: the personality of tractors, the ins and outs of keeping warm in winter, fall fairs, spring sugaring, a young veterinarian's marvelous skills, the pleasures of watching a well-trained herd dog, the ways of planting corn, slaughtering pigs, milking cows, the extraordinary (and, alas, unusual) success story of a group of organic farmers known to their neighbors as "the chicken s**t people," flashbacks to the farming past, a glimpse of barn swallows defending a weak sister from the attack of a hawk, a country cat earning his keep, old timers' farming lore, the facts of life for city people who want to move to the farm.

All is told, first hand, with enjoyment and humor, with sadness and compassion. Here's the good and the bad of it. Read...and you are down on the farm.

Books:

Books Index

Books Home

Recommended Books