The IT Regulatory and Standards Compliance Handbook: How to Survive Information Systems Audit and Assessments

  • 12h 30m
  • Craig S. Wright
  • Elsevier Science and Technology Books, Inc.
  • 2008

This book provides comprehensive methodology, enabling the staff charged with an IT security audit to create a sound framework, allowing them to meet the challenges of compliance in a way that aligns with both business and technical needs. This "roadmap" provides a way of interpreting complex, often confusing, compliance requirements within the larger scope of an organization's overall needs.

Key Features:

  • The ulitmate guide to making an effective security policy and controls that enable monitoring and testing against them
  • The most comprehensive IT compliance template available, giving detailed information on testing all your IT security, policy and governance requirements
  • A guide to meeting the minimum standard, whether you are planning to meet ISO 27001, PCI-DSS, HIPPA, FISCAM, COBIT or any other IT compliance requirement
  • Both technical staff responsible for securing and auditing information systems and auditors who desire to demonstrate their technical expertise will gain the knowledge, skills and abilities to apply basic risk analysis techniques and to conduct a technical audit of essential information systems from this book
  • This technically based, practical guide to information systems audit and assessment will show how the process can be used to meet myriad compliance issues

About the Author

Craig Wright has personally conducted in excess of 1,200 IT security-related engagements for more than 120 Australian and international organizations in the private and government sectors and now works for BDO Kendall’s in Australia.

In addition to his consulting engagements, Craig has also authored numerous IT security-related articles. He also has been involved with designing the architecture for the world’s first online casino (Lasseter’s Online) in the Northern Territory. He has designed and managed the implementation of many of the systems that protected the Australian Stock Exchange. He also developed and implemented the security policies and procedural practices within Mahindra and Mahindra, India’s largest vehicle manufacturer.

He holds (among others) the following industry certifications: CISSP (ISSAP & ISSMP), CISA, CISM, CCE, GNSA, G7799, GWAS, GCFA, GLEG, GSEC, GREM, GPCI, MCSE, and GSPA. He has completed numerous degrees in a variety of fields and is currently completing both a master’s degree in statistics (at Newcastle) and a master’s degree in law (LLM) specializing in international commercial law (E-commerce Law). Craig is planning to start his second doctorate, a PhD in economics and law in the digital age, in early 2008.

In this Book

  • Introduction to IT Compliance
  • Evolution of Information Systems
  • The Information Systems Audit Program
  • Planning
  • Information Gathering
  • Security Policy Overview
  • Policy Issues and Fundamentals
  • Assessing Security Awareness and Knowledge of Policy
  • An Introduction to Network Audit
  • Auditing Cisco Routers and Switches
  • Testing the Firewall
  • Auditing and Security with Wireless Technologies
  • Analyzing the Results
  • An Introduction to Systems Auditing
  • Database Auditing
  • Microsoft Windows Security and Audits
  • Auditing UNIX and Linux
  • Auditing Web-Based Applications
  • Other Systems
  • Risk Management, Security Compliance, and Audit Controls
  • Information Systems Legislation
  • Operations Security


Rating 4.6 of 5 users Rating 4.6 of 5 users (5)
Rating 4.8 of 44 users Rating 4.8 of 44 users (44)