The IT Regulatory and Standards Compliance Handbook

Table of Contents:

Order from: www.itgovernance.co.uk/products/2180

Section 1: An Introduction to Information Systems Audit

Chapter 1 - Introduction
Chapter 2 - Evolution of Information Systems
Chapter 3 - The Information Systems Audit Program
Chapter 4 - Planning
Chapter 5 - Information Gathering
Chapter 6 - Basic Auditing Strategies and Techniques

Section 2: Security Policy and Procedures

Chapter 7 - Security Policy overview
Chapter 8 - Policy Issues and Fundamentals
Chapter 9 - Policy Development
Chapter 10 - Assessing Security Awareness and Knowledge of Policy
Chapter 11 - Reviewing & Assessing Information Systems Policy and Procedures

Section 3: Network Auditing

Chapter 12 - An introduction to Network Audit
Chapter 13 - Specialist Network Audit Topics
Chapter 14 - Auditing Cisco Routers and Switches
Chapter 15 - Testing the Firewall
Chapter 16 - An Introduction to Wireless Technologies
Chapter 17 - Wireless Audit Techniques
Chapter 18 - Advanced Wireless Audit Techniques
Chapter 19 - Analyzing The Results

Section 4: Systems Audit

Chapter 20 - An Introduction to Systems Auditing
Chapter 21 - Database Auditing
Chapter 22 - Microsoft Windows Security and Audits
Chapter 23 - Unix and Linux Audit
Chapter 24 - Auditing Web-Based Applications
Chapter 25 - Other Systems

Section 5: Other Issues for the Auditor

Chapter 26 - Risk Management, Security Compliance and Audit Controls
Chapter 27 - Information Systems Legislation
Chapter 28 - Operations Security
Chapter 29 - Cryptography
Chapter 30 - Malware

Appendix A - Preliminary Checklist to Gather Information
Appendix B - Generic Questionnaire for Meetings with Business Process Owners
Appendix C - Generic Questionnaire for Meetings with Technology Owners
Appendix D - Network and Systems Checklists
Appendix E - Data Classification
Appendix F - Data Retention
Appendix G - Backup and Recovery
Appendix H - Externally Hosted Services
Appendix I - Assessing Physical Security
Appendix J - Incident Handling and Response
Appendix K - Change Management
Appendix L - Sarbanes Oxley (SOX)
Appendix M - PCI-DSS (Payment Card Industry Data Security Standards)
Appendix N - ISO/IEC 17799/27001: Policy, ISMS & Awareness
Appendix O - Financial Services Requirements (BASEL II, Gramm-Leach-Bliley Act of 1999)
Appendix P - FISMA
Appendix Q - HIPAA Security
Appendix R - CobiT
