Published Papers

Chapter 22 - Operations Security

This chapter defines operations security. Organizational Operations Security is about maximizing the Confidentiality, Integrity and Availability of the systems used by the organization using a...

Published on: 2008-08-14

Topic: Audit

Chapter 21 - Information Systems Legislation

This chapter reviews the legislation and regulations impacting audit and other issues of electronic law. The foremost dilemma with the study of electronic law is that it is difficult to confine...

Published on: 2008-08-14

Topic: Audit

Chapter 20 - Risk Management, Security Compliance, and Audit Controls

This chapter deals with the risk management, security compliance, and audit controls. Major methods of risk measurement and audit are discussed. One must understand the risk management process as...

Published on: 2008-08-14

Topic: Audit

Chapter 19 - Other Systems

This chapter reviews a number of other audit systems and compliance issues. Auditing mainframe and other legacy systems is far simpler than auditing modern client/server systems. These systems are...

Published on: 2008-08-14

Topic: Audit

Chapter 18 - Auditing Web-Based Applications

This chapter introduces the concepts necessary to audit Web applications. The Web application would have to be set up in such a way that it acts as a server for all requests to the client. Some of...

Published on: 2008-08-14

Topic: Audit

Chapter 17 - Auditing UNIX and Linux

This chapter introduces the concepts of auditing UNIX and Linux. One of the key secrets to auditing UNIX or Linux is to ensure that one must have knowledgeable people available for the audit. The...

Published on: 2008-08-14

Topic: Audit

Chapter 16 - Microsoft Windows Security and Audits

This chapter discusses the concepts necessary in the performance of a technical audit of Microsoft Windows systems. The initial step in any audit is defining the scope. Most initial audits of...

Published on: 2008-08-14

Topic: Audit

Chapter 15 - Database Auditing

This chapter explores database auditing and the three of the primary database systems that are available today are focused. These database systems involve MySQL, Oracle, and Microsoft Sequel...

Published on: 2008-08-14

Topic: Audit

Chapter 14 - An Introduction to Systems Auditing

This chapter provides an introduction to system auditing. It overviews the processes needed to audit a system. Systems are a combination of hosts and processes. A system can be a host or even...

Published on: 2008-08-14

Topic: Audit

Chapter 13 - Analyzing the Results

This chapter illustrates a few simple methods to baseline the network at a high level. All external attacks and many internal ones will be initially based on the exploit of a network service....

Published on: 2008-08-14

Topic: Audit