Controls & Assurance in the Cloud: Using COBIT 5

Controls & Assurance in the Cloud: Using COBIT 5
Author: ISACA
Publisher: ISACA
Total Pages: 266
Release: 2014-03-24
Genre: Technology & Engineering
ISBN: 1604204648

"This practical guidance was created for enterprises using or considering using cloud computing. It provides a governance and control framework based on COBIT 5 and an audit program using COBIT 5 for Assurance. This information can assist enterprises in assessing the potential value of cloud investments to determine whether the risk is within the acceptable level. In addition, it provides a list of publications and resources that can help determine if cloud computing is the appropriate solution for the data and processes being considered."--

Transforming Cybersecurity: Using COBIT 5

Transforming Cybersecurity: Using COBIT 5
Author: ISACA
Publisher: ISACA
Total Pages: 190
Release: 2013-06-18
Genre: Business enterprises
ISBN: 1604203412

The cost and frequency of cybersecurity incidents are on the rise, is your enterprise keeping pace? The numbers of threats, risk scenarios and vulnerabilities have grown exponentially. Cybersecurity has evolved as a new field of interest, gaining political and societal attention. Given this magnitude, the future tasks and responsibilities associated with cybersecurity will be essential to organizational survival and profitability. This publication applies the COBIT 5 framework and its component publications to transforming cybersecurity in a systemic way. First, the impacts of cybercrime and cyberwarfare on business and society are illustrated and put in context. This section shows the rise in cost and frequency of security incidents, including APT attacks and other threats with a critical impact and high intensity. Second, the transformation addresses security governance, security management and security assurance. In accordance with the lens concept within COBIT 5, these sections cover all elements of the systemic transformation and cybersecurity improvements.

COBIT 5 for Risk

COBIT 5 for Risk
Author: ISACA
Publisher: ISACA
Total Pages: 246
Release: 2013-09-25
Genre: Technology & Engineering
ISBN: 1604204575

Information is a key resource for all enterprises. From the time information is created to the moment it is destroyed, technology plays a significant role in containing, distributing and analysing information. Technology is increasingly advanced and has become pervasive in enterprises and the social, public and business environments.

PCI DSS

PCI DSS
Author: Jim Seaman
Publisher: Apress
Total Pages: 549
Release: 2020-05-01
Genre: Computers
ISBN: 1484258088

Gain a broad understanding of how PCI DSS is structured and obtain a high-level view of the contents and context of each of the 12 top-level requirements. The guidance provided in this book will help you effectively apply PCI DSS in your business environments, enhance your payment card defensive posture, and reduce the opportunities for criminals to compromise your network or steal sensitive data assets. Businesses are seeing an increased volume of data breaches, where an opportunist attacker from outside the business or a disaffected employee successfully exploits poor company practices. Rather than being a regurgitation of the PCI DSS controls, this book aims to help you balance the needs of running your business with the value of implementing PCI DSS for the protection of consumer payment card data. Applying lessons learned from history, military experiences (including multiple deployments into hostile areas), numerous PCI QSA assignments, and corporate cybersecurity and InfoSec roles, author Jim Seaman helps you understand the complexities of the payment card industry data security standard as you protect cardholder data. You will learn how to align the standard with your business IT systems or operations that store, process, and/or transmit sensitive data. This book will help you develop a business cybersecurity and InfoSec strategy through the correct interpretation, implementation, and maintenance of PCI DSS. What You Will Learn Be aware of recent data privacy regulatory changes and the release of PCI DSS v4.0Improve the defense of consumer payment card data to safeguard the reputation of your business and make it more difficult for criminals to breach securityBe familiar with the goals and requirements related to the structure and interdependencies of PCI DSSKnow the potential avenues of attack associated with business payment operationsMake PCI DSS an integral component of your business operationsUnderstand the benefits of enhancing your security cultureSee how the implementation of PCI DSS causes a positive ripple effect across your business Who This Book Is For Business leaders, information security (InfoSec) practitioners, chief information security managers, cybersecurity practitioners, risk managers, IT operations managers, business owners, military enthusiasts, and IT auditors

COBIT 5 for Information Security

COBIT 5 for Information Security
Author: ISACA
Publisher: ISACA
Total Pages: 220
Release: 2012
Genre: Business & Economics
ISBN: 1604202548

COBIT 5 provides a comprehensive framework that assists enterprises in achieving their objectives for the governance and management of enterprise IT. COBIT 5 enables IT to be governed and managed in a holistic manner for the entire enterprise, taking into account the full end-to-end business and IT functional areas of responsibility, considering IT-related interests of internal and external stakeholders.

Advanced Infrastructure Penetration Testing

Advanced Infrastructure Penetration Testing
Author: Chiheb Chebbi
Publisher: Packt Publishing Ltd
Total Pages: 388
Release: 2018-02-26
Genre: Computers
ISBN: 178862341X

A highly detailed guide to performing powerful attack vectors in many hands-on scenarios and defending significant security flaws in your company's infrastructure Key Features Advanced exploitation techniques to breach modern operating systems and complex network devices Learn about Docker breakouts, Active Directory delegation, and CRON jobs Practical use cases to deliver an intelligent endpoint-protected system Book Description It has always been difficult to gain hands-on experience and a comprehensive understanding of advanced penetration testing techniques and vulnerability assessment and management. This book will be your one-stop solution to compromising complex network devices and modern operating systems. This book provides you with advanced penetration testing techniques that will help you exploit databases, web and application servers, switches or routers, Docker, VLAN, VoIP, and VPN. With this book, you will explore exploitation abilities such as offensive PowerShell tools and techniques, CI servers, database exploitation, Active Directory delegation, kernel exploits, cron jobs, VLAN hopping, and Docker breakouts. Moving on, this book will not only walk you through managing vulnerabilities, but will also teach you how to ensure endpoint protection. Toward the end of this book, you will also discover post-exploitation tips, tools, and methodologies to help your organization build an intelligent security system. By the end of this book, you will have mastered the skills and methodologies needed to breach infrastructures and provide complete endpoint protection for your system. What you will learn Exposure to advanced infrastructure penetration testing techniques and methodologies Gain hands-on experience of penetration testing in Linux system vulnerabilities and memory exploitation Understand what it takes to break into enterprise networks Learn to secure the configuration management environment and continuous delivery pipeline Gain an understanding of how to exploit networks and IoT devices Discover real-world, post-exploitation techniques and countermeasures Who this book is for If you are a system administrator, SOC analyst, penetration tester, or a network engineer and want to take your penetration testing skills and security knowledge to the next level, then this book is for you. Some prior experience with penetration testing tools and knowledge of Linux and Windows command-line syntax is beneficial.

Sarbanes-Oxley Compliance Using COBIT and Open Source Tools

Sarbanes-Oxley Compliance Using COBIT and Open Source Tools
Author: Christian B Lahti
Publisher: Elsevier
Total Pages: 360
Release: 2005-10-07
Genre: Computers
ISBN: 0080489672

This book illustrates the many Open Source cost savings opportunities available to companies seeking Sarbanes-Oxley compliance. It also provides examples of the Open Source infrastructure components that can and should be made compliant. In addition, the book clearly documents which Open Source tools you should consider using in the journey towards compliance. Although many books and reference material have been authored on the financial and business side of Sox compliance, very little material is available that directly address the information technology considerations, even less so on how Open Source fits into that discussion.Each chapter begins with an analysis of the business and technical ramifications of Sarbanes-Oxley as regards to topics covered before moving into the detailed instructions on the use of the various Open Source applications and tools relating to the compliance objectives. - Shows companies how to use Open Source tools to achieve SOX compliance, which dramatically lowers the cost of using proprietary, commercial applications - Only SOX compliance book specifically detailing steps to achieve SOX compliance for IT Professionals