Definition of Auditing
What is auditing?
A computer security audit is a process that can verify that certain standards have been met, and identify areas in need of remediation or improvement. Decades ago, identifying the problem areas had to be done by a team of human auditors, but now software can analyze what's on a computer, and present information.
|
Auditing
|
Firewall Auditing Checklist
This checklist should be used to audit a firewall. This checklist does not provide vendor-specific security considerations but rather attempts to provide a generic listing of security considerations to be used when auditing a firewall. Only technical aspects of security are addressed in this checklist. Manual elements like physical protection for the firewall server are not considered.
Read the Article
|
A Guide to Security Metrics
In the face of regular, high-profile news reports of serious security breaches, security managers are more than ever before being held accountable for demonstrating effectiveness of their security programs. What means should managers be using to meet this challenge? Some experts believe that key among these should be security metrics. This guide provides a definition of security metrics, explains their value, discusses the difficulties in generating them, and suggests a methodology for building a security metrics program.
Read the Article
|
Auditing a database - Oracle DBA hands on (5 min 3 sec)
As a DBA, you are responsible for auditing the database due to a suspicious transaction on a certain table. An unknown user is deleting records and you have been assigned the task to investigate and find out who that person is.
Watch the Video
|
How-To Make Linux System Auditing a Little Easier
In this paper I will talk about the various programs and utilities that can be used to audit your Linux system and how to put them all together in one script to make daily system auditing a little easier.
Read the Article
|
Auditing-In-Depth For Solaris
There are many tools and much information available for auditing and hardening a Solaris system. The goal of this paper is to provide an effective and simple method for in-depth auditing and hardening of Solaris.
Read the Article
|
Sarbanes-Oxley Information Technology Compliance Audit
This paper provides a basic review of the background literature (i.e. extensive but not exhaustive) and develops a process model so that a professional IT Auditor may readily appreciate the subtleties of the Sarbanes-Oxley audit process. The case study is developed to illustrate some of the effects of the issues described in the literature and other issues developed in the process model.
Read the Article
|
Computer Audit FAQ
Answers Frequently Asked Questions about computer audit (aka systems audit, IT audit etc.). Offers pragmatic guidance to those new to computer audit, including those about to be computer-audited for the first time. Presented as a web page and now with a downloadable PDF file for off-line reference and printing. Enjoy!
Read the Article
|
Conducting a Security Audit: An Introductory Overview
The word "audit" can send shivers down the spine of the most battle-hardened executive. It means that an outside organization is going to conduct a formal written examination of one or more crucial components of the organization. Financial audits are the most common examinations a business manager encounters. This is a familiar area for most executives: they know that financial auditors are going to examine the financial records and how those records are used. They may even be familiar with physical security audits. However, they are unlikely to be acquainted with information security audits; that is, an audit of how the confidentiality, availability and integrity of an organization's information is assured. They should be. An information security audit is one of the best ways to determine the security of an organization's information without incurring the cost and other associated damages of a security incident.
Read the Article
|
The Institutional Need for Comprehensive Auditing Strategies
This paper begins with a definition of auditing, as the word "audit" can mean different things to different people, and contrasts the use of auditing in data processing's early days to its function in the world of IT, today. The intent is to show that the interconnectedness brought about by business conducted over the Internet alters the scope and approach of audits. Audits once performed at the application or line of business level, though still necessary, are no longer sufficient to surface and assess all exposures created by the new environment. Further arguments elaborate on the impact and implications of the technology that have enabled e-Business and show not only the distinctions between past and present environments, but also become a requirements list for a comprehensive audit strategy. Finally, a series of recommendations are made that outline the foundational elements an organization needs to enable an effective strategy.
Read the Article
|
Security Auditing A Continuous Process
Does your company have internal auditing? Do they think audits are necessary? Are they willing to follow through on an audit, from start to finish? Many think audits are unnecessary and useless. When an audit is completed, the outcome isn't taken seriously. Maybe they are even compromised and manipulated internally. What do you think? Could it take too much time, money, or be an inconvenience? Whatever the reason, there is no excuse for not conducting internal audits. Having timely and thorough audits is a critical piece of an organization but in many cases, they are not being performed, at least in a timely manner. Internal audits are a never-ending process. I would like to help you determine how to successfully configure your W2K file and print server, monitor your server, have an action plan and be prepared for a successful security audit on that server. Although this audit will center on W2K servers, the same principles can be applied to other server audits.
Read the Article