IT Auditing Using Controls to Protect Information Assets, 2nd Edition

Secure Your Systems Using the Latest IT Auditing Techniques

Fully updated to cover leading-edge tools and technologies, IT Auditing: Using Controls to Protect Information Assets, Second Edition, explains, step by step, how to implement a successful, enterprise-wide IT audit program. New chapters on auditing cloud computing, outsourced operations, virtualization, and storage are included. This comprehensive guide describes how to assemble an effective IT audit team and maximize the value of the IT audit function. In-depth details on performing specific audits are accompanied by real-world examples, ready-to-use checklists, and valuable templates. Standards, frameworks, regulations, and risk management techniques are also covered in this definitive resource.

Build and maintain an internal IT audit function with maximum effectiveness and value

Audit entity-level controls, data centers, and disaster recovery

Examine switches, routers, and firewalls

Evaluate Windows, UNIX, and Linux operating systems

Audit Web servers and applications

Analyze databases and storage solutions

Assess WLAN and mobile devices

Audit virtualized environments

Evaluate risks associated with cloud computing and outsourced operations

Drill down into applications to find potential control weaknesses

Use standards and frameworks, such as COBIT, ITIL, and ISO

Understand regulations, including Sarbanes-Oxley, HIPAA, and PCI

Implement proven risk management practices