Auditing IT Infrastructures for Compliance, Second Edition

Martin Weiss and Michael G. Solomon
ISBN-13: 978-1-284-09070-3
Paperback
400 pages
© 2016

The Second Edition of Auditing IT Infrastructures for Compliance provides a unique, in-depth look at recent U.S.-based information systems and IT infrastructure compliance laws in both the public and private sectors. Written by industry experts, this book provides a comprehensive explanation of how to audit IT infrastructures for compliance based on the most recent laws and the need to protect and secure business and consumer privacy data. Using examples and exercises, this Second Edition incorporates numerous hands-on activities to prepare readers to skillfully complete IT compliance auditing.

New and Key Features of the Second Edition

  • Includes updates on new pertinent laws and regulations, including FISMA and DoD
  • References all new standards such as COBIT, SANS, ISACA, ISO/IEC 27001 and CRMA
  • New sections added on the Children’s Online Privacy Protection Act (COPPA), Service Organization Control (SOC) Reports, the NIST Cybersecurity Framework, and Certification in Risk Assessment (CRMA)
  • Tips, Notes, FYIs, and Warnings appear throughout the text and provide helpful information related to the subject at hand

This title is available with a lab manual that allows students to put their classroom skills to work through numerous laboratory exercises.
 

Applied Labs

Lab #1: Assessing the Impact of Sarbanes-Oxley (SOX) Compliance Law on Enron
Lab #2: Aligning Auditing Frameworks for a Business Unit Within DoD
Lab #3: Defining a Process for Gathering Information Pertaining to a HIPAA Compliance Audit
Lab #4: Aligning an IT Security Assessment – Risk, Threats, and Vulnerability Assessments – to Achieve Compliance
Lab #5: Defining a Process for Gathering Information Pertaining to a GLBA Compliance Audit
Lab #6: Auditing the Workstation Domain for Compliance
Lab #7: Auditing the LAN-to-WAN Domain for Compliance
Lab #8: Auditing the Remote Access Domain for Compliance
Lab #9: Auditing the Systems/Application Domain for Compliance
Lab #10: Charting Your Career Path – Professional Certifications

Table of Contents

Chapter 1: The Need for Information Systems Security Compliance
Chapter 2: Overview of U.S. Compliancy Laws
Chapter 3: What Is the Scope of an IT Compliance Audit?
Chapter 4: Auditing Standards and Frameworks
Chapter 5: Planning an IT Infrastructure Audit for Compliance
Chapter 6: Conducting an IT Infrastructure Audit for Compliance
Chapter 7: Writing the IT Infrastructure Audit Report
Chapter 8: Compliance Within the User Domain
Chapter 9: Compliance Within the Workstation Domain
Chapter 10: Compliance Within the LAN Domain
Chapter 11: Compliance Within the LAN-to-WAN Domain
Chapter 12: Compliance Within the WAN Domain
Chapter 13: Compliance Within the Remote Access Domain
Chapter 14: Compliance Within the System/Application Domain
Chapter 15: Ethics, Education, and Certification for IT Auditors

Course Objectives

  1. To describe the role of ISS compliance in relation to U.S. compliance laws.
  2. To explain the use of standards and frameworks in a compliance audit of an IT infrastructure.
  3. To describe the components and basic requirements for creating an audit plan to support business and system considerations.
  4. To describe the different parameters required to conduct and report on an IT infrastructure audit for organizational compliance.
  5. To describe information security systems compliance requirements within the User Domain.
  6. To describe information security systems compliance requirements within the Workstation and LAN Domains.
  7. To use an appropriate framework to implement ISS compliance within the LAN-to-WAN and WAN Domains.
  8. To describe information security systems compliance requirements within the Remote Access Domain.
  9. To describe the information security systems compliance requirements within the System/Application Domain.
  10. To describe the qualifications, ethics, and certification organizations for IT auditors.

Instructor Resources include:

  • PowerPoint Lectures
  • Instructor’s Guide
  • Test and Quiz Items
  • Sample Syllabus
  • Case Scenarios/Handouts
  • Handouts
  • Projects
  • Study Guide
  • Time on Task
  • Content Map