Now more than ever auditors must be aware of what is occurring with computer security. According to a 1999 Computer Security Institute (CSI)/FBI survey there has been a dramatic increase in the number of respondents reporting serious computer incidents to law enforcement. Losses due to security breaches have passed the $100 billion mark.
A complete and definitive guide to auditing the security of IT systems for managers, CIOs, controllers, and auditors
This up-to-date resource provides all the tools you need to perform practical security audits on the entire spectrum of a company's IT platforms-from the mainframe to the individual PC-as well as the networks that connect them to each other and to the global marketplace. Auditing and Security: AS/400, NT, Unix, Networks, and Disaster Recovery Plans is the first book on IT security written specifically for the auditor, detailing what controls are necessary to ensure a secure system regardless of the specific hardware, software, or architecture a company runs. The author uses helpful checklists and diagrams and a practical, rather than theoretical, method to understanding and auditing a company's IT security systems and their requirements. This comprehensive volume covers the full range of issues relating to security audits, including:
* Hardware and software
* Operating systems
* Network connections
* The cooperation of logical and physical security systems
* Disaster recovery planning