IT Auditing Using Controls to Protect Information Assets, 2nd Edition

IT Auditing Using Controls to Protect Information Assets, 2nd Edition
Author: Chris Davis
Publisher: McGraw Hill Professional
Total Pages: 513
Release: 2011-02-05
Genre: Computers
ISBN: 0071742395

Secure Your Systems Using the Latest IT Auditing Techniques Fully updated to cover leading-edge tools and technologies, IT Auditing: Using Controls to Protect Information Assets, Second Edition, explains, step by step, how to implement a successful, enterprise-wide IT audit program. New chapters on auditing cloud computing, outsourced operations, virtualization, and storage are included. This comprehensive guide describes how to assemble an effective IT audit team and maximize the value of the IT audit function. In-depth details on performing specific audits are accompanied by real-world examples, ready-to-use checklists, and valuable templates. Standards, frameworks, regulations, and risk management techniques are also covered in this definitive resource. Build and maintain an internal IT audit function with maximum effectiveness and value Audit entity-level controls, data centers, and disaster recovery Examine switches, routers, and firewalls Evaluate Windows, UNIX, and Linux operating systems Audit Web servers and applications Analyze databases and storage solutions Assess WLAN and mobile devices Audit virtualized environments Evaluate risks associated with cloud computing and outsourced operations Drill down into applications to find potential control weaknesses Use standards and frameworks, such as COBIT, ITIL, and ISO Understand regulations, including Sarbanes-Oxley, HIPAA, and PCI Implement proven risk management practices

IT Auditing Using Controls to Protect Information Assets, Third Edition

IT Auditing Using Controls to Protect Information Assets, Third Edition
Author: Chris Davis
Publisher: McGraw Hill Professional
Total Pages: 577
Release: 2019-10-04
Genre: Computers
ISBN: 1260453235

Secure Your Systems Using the Latest IT Auditing Techniques Fully updated to cover leading-edge tools and technologies, IT Auditing: Using Controls to Protect Information Assets, Third Edition, explains, step by step, how to implement a successful, enterprise-wide IT audit program. New chapters on auditing cybersecurity programs, big data and data repositories, and new technologies are included. This comprehensive guide describes how to assemble an effective IT audit team and maximize the value of the IT audit function. In-depth details on performing specific audits are accompanied by real-world examples, ready-to-use checklists, and valuable templates. Standards, frameworks, regulations, and risk management techniques are also covered in this definitive resource. • Build and maintain an internal IT audit function with maximum effectiveness and value • Audit entity-level controls and cybersecurity programs • Assess data centers and disaster recovery • Examine switches, routers, and firewalls • Evaluate Windows, UNIX, and Linux operating systems • Audit Web servers and applications • Analyze databases and storage solutions • Review big data and data repositories • Assess end user computer devices, including PCs and mobile devices • Audit virtualized environments • Evaluate risks associated with cloud computing and outsourced operations • Drill down into applications and projects to find potential control weaknesses • Learn best practices for auditing new technologies • Use standards and frameworks, such as COBIT, ITIL, and ISO • Understand regulations, including Sarbanes-Oxley, HIPAA, and PCI • Implement proven risk management practices

Hacking Exposed Web Applications, Third Edition

Hacking Exposed Web Applications, Third Edition
Author: Joel Scambray
Publisher: McGraw Hill Professional
Total Pages: 481
Release: 2010-10-22
Genre: Computers
ISBN: 0071740422

The latest Web app attacks and countermeasures from world-renowned practitioners Protect your Web applications from malicious attacks by mastering the weapons and thought processes of today's hacker. Written by recognized security practitioners and thought leaders, Hacking Exposed Web Applications, Third Edition is fully updated to cover new infiltration methods and countermeasures. Find out how to reinforce authentication and authorization, plug holes in Firefox and IE, reinforce against injection attacks, and secure Web 2.0 features. Integrating security into the Web development lifecycle (SDL) and into the broader enterprise information security program is also covered in this comprehensive resource. Get full details on the hacker's footprinting, scanning, and profiling tools, including SHODAN, Maltego, and OWASP DirBuster See new exploits of popular platforms like Sun Java System Web Server and Oracle WebLogic in operation Understand how attackers defeat commonly used Web authentication technologies See how real-world session attacks leak sensitive data and how to fortify your applications Learn the most devastating methods used in today's hacks, including SQL injection, XSS, XSRF, phishing, and XML injection techniques Find and fix vulnerabilities in ASP.NET, PHP, and J2EE execution environments Safety deploy XML, social networking, cloud computing, and Web 2.0 services Defend against RIA, Ajax, UGC, and browser-based, client-side exploits Implement scalable threat modeling, code review, application scanning, fuzzing, and security testing procedures

Security Metrics, A Beginner's Guide

Security Metrics, A Beginner's Guide
Author: Caroline Wong
Publisher: McGraw Hill Professional
Total Pages: 433
Release: 2011-10-06
Genre: Computers
ISBN: 0071744010

Security Smarts for the Self-Guided IT Professional “An extraordinarily thorough and sophisticated explanation of why you need to measure the effectiveness of your security program and how to do it. A must-have for any quality security program!”—Dave Cullinane, CISSP, CISO & VP, Global Fraud, Risk & Security, eBay Learn how to communicate the value of an information security program, enable investment planning and decision making, and drive necessary change to improve the security of your organization. Security Metrics: A Beginner's Guide explains, step by step, how to develop and implement a successful security metrics program. This practical resource covers project management, communication, analytics tools, identifying targets, defining objectives, obtaining stakeholder buy-in, metrics automation, data quality, and resourcing. You'll also get details on cloud-based security metrics and process improvement. Templates, checklists, and examples give you the hands-on help you need to get started right away. Security Metrics: A Beginner's Guide features: Lingo--Common security terms defined so that you're in the know on the job IMHO--Frank and relevant opinions based on the author's years of industry experience Budget Note--Tips for getting security technologies and processes into your organization's budget In Actual Practice--Exceptions to the rules of security explained in real-world contexts Your Plan--Customizable checklists you can use on the job now Into Action--Tips on how, why, and when to apply new skills and techniques at work Caroline Wong, CISSP, was formerly the Chief of Staff for the Global Information Security Team at eBay, where she built the security metrics program from the ground up. She has been a featured speaker at RSA, ITWeb Summit, Metricon, the Executive Women's Forum, ISC2, and the Information Security Forum.

Information Security Risk Management for ISO 27001/ISO 27002, third edition

Information Security Risk Management for ISO 27001/ISO 27002, third edition
Author: Alan Calder
Publisher: IT Governance Ltd
Total Pages: 181
Release: 2019-08-29
Genre: Computers
ISBN: 1787781372

Ideal for risk managers, information security managers, lead implementers, compliance managers and consultants, as well as providing useful background material for auditors, this book will enable readers to develop an ISO 27001-compliant risk assessment framework for their organisation and deliver real, bottom-line business benefits.

The Computer Incident Response Planning Handbook: Executable Plans for Protecting Information at Risk

The Computer Incident Response Planning Handbook: Executable Plans for Protecting Information at Risk
Author: N.K. McCarthy
Publisher: McGraw Hill Professional
Total Pages: 242
Release: 2012-08-07
Genre: Computers
ISBN: 007179039X

Annotation. Based on proven, rock-solid computer incident response plans, this handbook is derived from real-world incident response plans that work and have survived audits and repeated execution during data breaches and due diligence. The book provides an overview of attack and breach types, strategies for assessing an organization, and more.

Web Application Security, A Beginner's Guide

Web Application Security, A Beginner's Guide
Author: Bryan Sullivan
Publisher: McGraw Hill Professional
Total Pages: 353
Release: 2011-12-06
Genre: Computers
ISBN: 0071776125

Security Smarts for the Self-Guided IT Professional “Get to know the hackers—or plan on getting hacked. Sullivan and Liu have created a savvy, essentials-based approach to web app security packed with immediately applicable tools for any information security practitioner sharpening his or her tools or just starting out.”—Ryan McGeehan, Security Manager, Facebook, Inc. Secure web applications from today's most devious hackers. Web Application Security: A Beginner's Guide helps you stock your security toolkit, prevent common hacks, and defend quickly against malicious attacks. This practical resource includes chapters on authentication, authorization, and session management, along with browser, database, and file security--all supported by true stories from industry. You'll also get best practices for vulnerability detection and secure development, as well as a chapter that covers essential security fundamentals. This book's templates, checklists, and examples are designed to help you get started right away. Web Application Security: A Beginner's Guide features: Lingo--Common security terms defined so that you're in the know on the job IMHO--Frank and relevant opinions based on the authors' years of industry experience Budget Note--Tips for getting security technologies and processes into your organization's budget In Actual Practice--Exceptions to the rules of security explained in real-world contexts Your Plan--Customizable checklists you can use on the job now Into Action--Tips on how, why, and when to apply new skills and techniques at work

Hacking Exposed Wireless, Second Edition

Hacking Exposed Wireless, Second Edition
Author: Johnny Cache
Publisher: McGraw Hill Professional
Total Pages: 513
Release: 2010-08-05
Genre: Computers
ISBN: 0071666621

The latest wireless security solutions Protect your wireless systems from crippling attacks using the detailed security information in this comprehensive volume. Thoroughly updated to cover today's established and emerging wireless technologies, Hacking Exposed Wireless, second edition reveals how attackers use readily available and custom tools to target, infiltrate, and hijack vulnerable systems. This book discusses the latest developments in Wi-Fi, Bluetooth, ZigBee, and DECT hacking, and explains how to perform penetration tests, reinforce WPA protection schemes, mitigate packet injection risk, and lock down Bluetooth and RF devices. Cutting-edge techniques for exploiting Wi-Fi clients, WPA2, cordless phones, Bluetooth pairing, and ZigBee encryption are also covered in this fully revised guide. Build and configure your Wi-Fi attack arsenal with the best hardware and software tools Explore common weaknesses in WPA2 networks through the eyes of an attacker Leverage post-compromise remote client attacks on Windows 7 and Mac OS X Master attack tools to exploit wireless systems, including Aircrack-ng, coWPAtty, Pyrit, IPPON, FreeRADIUS-WPE, and the all new KillerBee Evaluate your threat to software update impersonation attacks on public networks Assess your threat to eavesdropping attacks on Wi-Fi, Bluetooth, ZigBee, and DECT networks using commercial and custom tools Develop advanced skills leveraging Software Defined Radio and other flexible frameworks Apply comprehensive defenses to protect your wireless devices and infrastructure

Network Security A Beginner's Guide 3/E

Network Security A Beginner's Guide 3/E
Author: Eric Maiwald
Publisher: McGraw Hill Professional
Total Pages: 338
Release: 2012-09-25
Genre: Computers
ISBN: 0071795707

Security Smarts for the Self-Guided IT Professional Defend your network against a wide range of existing and emerging threats. Written by a Certified Information Systems Security Professional with more than 20 years of experience in the field, Network Security: A Beginner's Guide, Third Edition is fully updated to include the latest and most effective security strategies. You'll learn about the four basic types of attacks, how hackers exploit them, and how to implement information security services to protect information and systems. Perimeter, monitoring, and encryption technologies are discussed in detail. The book explains how to create and deploy an effective security policy, manage and assess risk, and perform audits. Information security best practices and standards, including ISO/IEC 27002, are covered in this practical resource. Network Security: A Beginner's Guide, Third Edition features: Lingo--Common security terms defined so that you're in the know on the job IMHO--Frank and relevant opinions based on the author's years of industry experience Budget Note--Tips for getting security technologies and processes into your organization's budget In Actual Practice--Exceptions to the rules of security explained in real-world contexts Your Plan--Customizable checklists you can use on the job now Into Action--Tips on how, why, and when to apply new skills and techniques at work

Access Control and Identity Management

Access Control and Identity Management
Author: Mike Chapple
Publisher: Jones & Bartlett Learning
Total Pages: 397
Release: 2020-10-01
Genre: Computers
ISBN: 1284198359

Revised and updated with the latest data from this fast paced field, Access Control, Authentication, and Public Key Infrastructure defines the components of access control, provides a business framework for implementation, and discusses legal requirements that impact access control programs.