IT Auditing Using Controls to Protect Information Assets, 2/e (Paperback)

Chris Davis, Mike Schiller, Kevin Wheeler

  • 出版商: McGraw-Hill Education
  • 出版日期: 2011-01-31
  • 售價: $2,540
  • 貴賓價: 9.5$2,413
  • 語言: 英文
  • 頁數: 512
  • 裝訂: Perfect Paperback
  • ISBN: 0071742387
  • ISBN-13: 9780071742382
  • 海外代購書籍(需單獨結帳)

買這商品的人也買了...

商品描述

Secure Your Systems Using the Latest IT Auditing Techniques

Fully updated to cover leading-edge tools and technologies, IT Auditing: Using Controls to Protect Information Assets, Second Edition, explains, step by step, how to implement a successful, enterprise-wide IT audit program. New chapters on auditing cloud computing, outsourced operations, virtualization, and storage are included. This comprehensive guide describes how to assemble an effective IT audit team and maximize the value of the IT audit function. In-depth details on performing specific audits are accompanied by real-world examples, ready-to-use checklists, and valuable templates. Standards, frameworks, regulations, and risk management techniques are also covered in this definitive resource.

  • Build and maintain an internal IT audit function with maximum effectiveness and value
  • Audit entity-level controls, data centers, and disaster recovery
  • Examine switches, routers, and firewalls
  • Evaluate Windows, UNIX, and Linux operating systems
  • Audit Web servers and applications
  • Analyze databases and storage solutions
  • Assess WLAN and mobile devices
  • Audit virtualized environments
  • Evaluate risks associated with cloud computing and outsourced operations
  • Drill down into applications to find potential control weaknesses
  • Use standards and frameworks, such as COBIT, ITIL, and ISO
  • Understand regulations, including Sarbanes-Oxley, HIPAA, and PCI
  • Implement proven risk management practices

商品描述(中文翻譯)

使用最新的IT審計技術保護您的系統安全

全面更新以涵蓋領先的工具和技術,《IT審計:使用控制保護信息資產,第二版》逐步解釋了如何實施成功的企業級IT審計計劃。新增了關於審計雲計算、外包運營、虛擬化和存儲的章節。本全面指南描述了如何組建一個有效的IT審計團隊,並最大化IT審計功能的價值。深入詳細地介紹了執行特定審計的細節,並附有實際案例、可立即使用的檢查表和寶貴的模板。本書還涵蓋了標準、框架、法規和風險管理技術。


  • 建立並維護一個內部IT審計功能,以最大效益和價值

  • 審計實體級控制、數據中心和災難恢復

  • 檢查交換機、路由器和防火牆

  • 評估Windows、UNIX和Linux操作系統

  • 審計Web服務器和應用程序

  • 分析數據庫和存儲解決方案

  • 評估WLAN和移動設備

  • 審計虛擬化環境

  • 評估與雲計算和外包運營相關的風險

  • 深入應用程序以找出潛在的控制弱點

  • 使用COBIT、ITIL和ISO等標準和框架

  • 了解諸如Sarbanes-Oxley、HIPAA和PCI等法規

  • 實施經過驗證的風險管理實踐