IT Auditing: Using Controls to Protect Information Assets, Third Edition

  • 12h 17m
  • Brian Wrozek, Chris Davis, Mike Kegerreis, Mike Schiller
  • McGraw-Hill/Osborne
  • 2020

Secure Your Systems Using the Latest IT Auditing Techniques

Fully updated to cover leading-edge tools and technologies, IT Auditing: Using Controls to Protect Information Assets, Third Edition, explains, step by step, how to implement a successful, enterprise-wide IT audit program. New chapters on auditing cybersecurity programs, big data and data repositories, and new technologies are included. This comprehensive guide describes how to assemble an effective IT audit team and maximize the value of the IT audit function. In-depth details on performing specific audits are accompanied by real-world examples, ready-to-use checklists, and valuable templates. Standards, frameworks, regulations, and risk management techniques are also covered in this definitive resource.

  • Build and maintain an internal IT audit function with maximum effectiveness and value
  • Audit entity-level controls and cybersecurity programs
  • Assess data centers and disaster recovery
  • Examine switches, routers, and firewalls
  • Evaluate Windows, UNIX, and Linux operating systems
  • Audit Web servers and applications
  • Analyze databases and storage solutions
  • Review big data and data repositories
  • Assess end user computer devices, including PCs and mobile devices
  • Audit virtualized environments
  • Evaluate risks associated with cloud computing and outsourced operations
  • Drill down into applications and projects to find potential control weaknesses
  • Learn best practices for auditing new technologies
  • Use standards and frameworks, such as COBIT, ITIL, and ISO
  • Understand regulations, including Sarbanes-Oxley, HIPAA, and PCI
  • Implement proven risk management practices

About the Authors

Mike Kegerreis, CISSP, is the lead information security architect at Texas Instruments and has over 20 years of experience in designing, developing, and securing IT systems.

Mike Schiller, CISA, is the chief information security officer at Texas Instruments and has more than 15 years of experience in the IT audit field, including as the IT audit director at Texas Instruments and Sabre.

Chris Davis, MBA, CISA, CISSP, CCNP, is the coauthor of Hacking Exposed Computer Forensics, Second Edition and Anti-Hacker Tool Kit, Third Edition.

In this Book

  • Introduction
  • Building an Effective Internal IT Audit Function
  • The Audit Process
  • Auditing Entity-Level Controls
  • Auditing Cybersecurity Programs
  • Auditing Data Centers and Disaster Recovery
  • Auditing Networking Devices
  • Auditing Windows Servers
  • Auditing Unix and Linux Operating Systems
  • Auditing Web Servers and Web Applications
  • Auditing Databases
  • Auditing Big Data and Data Repositories
  • Auditing Storage
  • Auditing Virtualized Environments
  • Auditing End-User Computing Devices
  • Auditing Applications
  • Auditing Cloud Computing and Outsourced Operations
  • Auditing Company Projects
  • Auditing New/Other Technologies
  • Frameworks and Standards
  • Regulations
  • Risk Management


Rating 4.6 of 85 users Rating 4.6 of 85 users (85)
Rating 4.4 of 58 users Rating 4.4 of 58 users (58)
Rating 4.4 of 105 users Rating 4.4 of 105 users (105)