Home » Data Protection » IT Audit

IT Audit

IT audit news, analysis, best practices and how-tos

IT Audit articles

The in-depth guide to data destruction

A critical part of securing intellectual property is the timely elimination of records and data you no longer need. Here's the scoop on overwriting, degaussing and physical destruction of media.

» full story

Nation's nuclear power watchdog comes up short on FISMA compliance

Majority of compliance gaps surround configuration and vulnerability management, an independent audit finds. But NRC has made important strides, too.

» full story

Small company, big security challenges

Startup Linkable Networks decided to meet PCI DSS Level 1 security requirements, with cloud-based infrastructure as an extra wrinkle. Here's a look inside the effort.

» full story

Cisco CSO on self-defending networks: The marketing's dead, the goal's alive

Cisco security chief John Stewart on the future of the 'self-defending network' and why IT security shops must return to basics

» full story

Forget new threats: It's the old-school attacks that keep getting you

Pen tester Rob Havelt has found that the most egregious security lapses have nothing to do with the latest, most-hyped threats.

» full story

Healthcare security needs a booster shot

Healthcare organizations are swiftly embracing electronic records and social media, but their investments in information security and privacy are lagging.

» full story

Mac OS X Lion: Losing its security pride

Spate of vulnerabilities and Trojan attacks has some wondering about the state of Apple Mac security.

» full story

SIEM: Dead or alive?

Security practitioners defend the value of SIEM after elQnetworks declares the technology dead.

» full story

Senator to businesses: Protect data or pay

Senator Richard Blumenthal says his data breach legislation will deter data breaches. IT security experts have their doubts.

» full story

Data breach risks: Not just the insider threat

Data flows with business partners need as much attention, if not more. Here are key questions and considerations to get you started.

» full story

» View all IT Audit articles

MORE GREAT IT AUDIT RESOURCES

An IT audit verifies the presence and effectiveness of controls to protect data integrity and security. Need even more depth on getting the most from information technology audits? Here are links to books, websites, associations and other information resources to help understand the state of the art.

IT Auditing Using Controls to Protect Information Assets, 2nd Edition by Chris Davis and Mike Schiller (2011). On Amazon.com.
Enterprise Governance of Information Technology: Achieving Strategic Alignment and Value by Wim Van Grembergen (2010). On Amazon.com.
Governance, Risk Management, and Compliance (Grc): High-impact Strategies - What You Need to Know: Definitions, Adoptions, Impact, Benefits, Maturity, Vendors by Kevin Roebuck (2011). On Amazon.com.
ISACA, the Information Systems Audit and Control Association

Also see IT audit certifications in CSOonline's Security Certification Directory.

I.T. AUDIT ESSENTIAL READING

IT audits don't have to be painful. Find practical, detailed advice on what various types of audit entail and how different audit standards work.

IS audit: What to expect
Jennifer Bayuk's systematic and useful walkthrough of the audit process

SSAE 16: replacement for SAS70 right around the corner
Effective mid-2011, the SSAE 16 reporting standard for American service organizations mirrors international standard ISAE 3402

Exchange 2010 and Your Audit Strategy
In this Quest Software white paper, discover how to easily understand and control who accesses your company's sensitive data. Learn to implement a strong Exchange 2010 audit strategy, and read about the options that give you the power to safeguard your company's vital information. Read it today.
A Critical Look Behind the Data
Learn about the importance knowledge workers place on having the latest technologies and tools, access to the most up-to-date corporate information, and having the ability to collaborate securely within and beyond organizational boundaries.

» View All IT Audit White Papers

White Papers

Exchange 2010 and Your Audit Strategy

A Critical Look Behind the Data

Overcome Top 7 Admin Challenges of Active Directory

Insiders Can Ruin Your Company. Take Action.

Top Solutions and Tools to Prevent Devastating Malware

X-Ray of the PCI Process-4 Proactive Steps

Streamline Compliance and Increase ROI

Beyond SFTP: Five Ways Secure Managed File Transfer Can Improve Your Business

Secure Managed File Transfer: Bringing Coherence & Control to Compliance

The TCO of FTP: Hidden Costs of "Free" File Sharing

Streamline, Speed and Secure the Supply Chain with Managed File Transfer

Identity Governance: The Business Imperatives

CA Technology Brief: CA Point of View: Content Aware Identity & Access Management

Data Loss Prevention Solution for Managing E-Discovery

Enterprise Strategy Group: The Case for a New Data-centric DLP White Paper

Business Centric DLP

Data Loss by the Numbers

Best Practices in Data Protection - Executive Summary

The Gap Between the Threats and the Spend

ESG Analyst White Paper - VMware's vSphere Storage Appliance: High Availability for Small IT Operations

More White Papers »

IT Audit

IT audit news, analysis, best practices and how-tos

The in-depth guide to data destruction

Nation's nuclear power watchdog comes up short on FISMA compliance

Small company, big security challenges

Cisco CSO on self-defending networks: The marketing's dead, the goal's alive

Forget new threats: It's the old-school attacks that keep getting you

Healthcare security needs a booster shot

Mac OS X Lion: Losing its security pride

SIEM: Dead or alive?

Senator to businesses: Protect data or pay

Data breach risks: Not just the insider threat

IT Auditing Using Controls to Protect Information Assets, 2nd Edition by Chris Davis and Mike Schiller (2011). On Amazon.com.

Enterprise Governance of Information Technology: Achieving Strategic Alignment and Value by Wim Van Grembergen (2010). On Amazon.com.

Governance, Risk Management, and Compliance (Grc): High-impact Strategies - What You Need to Know: Definitions, Adoptions, Impact, Benefits, Maturity, Vendors by Kevin Roebuck (2011). On Amazon.com.

ISACA, the Information Systems Audit and Control Association

IS audit: What to expect
Jennifer Bayuk's systematic and useful walkthrough of the audit process

SSAE 16: replacement for SAS70 right around the corner
Effective mid-2011, the SSAE 16 reporting standard for American service organizations mirrors international standard ISAE 3402

SAS 70, type II, used correctly

Auditors: Friend or foe?

A tale of two PCI audits

RSA 2010: Why 41% would fail PCI audit

IT Audit

IT audit news, analysis, best practices and how-tos

IT Auditing Using Controls to Protect Information Assets, 2nd Edition by Chris Davis and Mike Schiller (2011). On Amazon.com.

Enterprise Governance of Information Technology: Achieving Strategic Alignment and Value by Wim Van Grembergen (2010). On Amazon.com.

Governance, Risk Management, and Compliance (Grc): High-impact Strategies - What You Need to Know: Definitions, Adoptions, Impact, Benefits, Maturity, Vendors by Kevin Roebuck (2011). On Amazon.com.

ISACA, the Information Systems Audit and Control Association

IS audit: What to expect Jennifer Bayuk's systematic and useful walkthrough of the audit process

SSAE 16: replacement for SAS70 right around the corner Effective mid-2011, the SSAE 16 reporting standard for American service organizations mirrors international standard ISAE 3402

IS audit: What to expect
Jennifer Bayuk's systematic and useful walkthrough of the audit process

SSAE 16: replacement for SAS70 right around the corner
Effective mid-2011, the SSAE 16 reporting standard for American service organizations mirrors international standard ISAE 3402