This is Chapter 6 in Tom Olzak’s book, “Enterprise Security: A practitioner’s guide.” Chapter 5 is available here: VLAN Network Segmentation and Security – Chapter 5
This is Chapter 5 in Tom Olzak’s book, “Enterprise Security: A practitioner’s guide.” Chapter 4 is available here: Attack Surface Reduction – Chapter 4 Chapter 3
This is Chapter 4 in Tom Olzak’s book, “Enterprise Security: A practitioner’s guide.” Chapter 3 is available here: Building the Foundation: Architecture Design – Chapter 3
“What’s in a name? That which we call a rose by any other name would smell as sweet.” Shakespeare would probably turn over in his
Overview: The BYOD (Bring Your Own Device) phenomenon is expanding at an incredible rate. It is something that affects every business, from the smallest to
In this chapter, we define the various types of enterprise architectures, how to integrate them into strategic and tactical business objectives, and how to build
Managing security is managing risk. As explained in Chapter 1, security ensures the confidentiality, integrity, and availability of information assets through the reasonable and appropriate
You close the lid of your laptop; it’s been a productive couple of days. There are a few things that could be tightened up, but
Marc Winner hasn’t come up with a way to precisely measure the return on investment for security training. What he does know for certain, however,
Chapter 1: Security: A working definition. Managing Risk; Probability of Occurrence; Business Impact; Threat Sources
This C&A-related call for help is from Latonya in Washington, DC: Need help! I am desperately searching for an instruction that will exempt a
Table of Contents: Trusted Computing; Boot Path Security Challenges; Boot Path Attack Surface; The
When C&A becomes A&A, will you be ready? This is a preview of Goodbye
Information security is a vast field with broad interest; there are so many penetration testers and ethical hackers out there who provide their
(ISC)2 is making several changes to the CISSP exam effective January 1st, 2012. This language was found on the ISC2 website; (ISC)² CBK Domain Name
PORTIONS OF THIS ARTICLE INCLUDING MANY OF THE DEFINITIONS AND TERMINOLOGY HAVE BEEN SOURCED AND SUMMARIZED FROM ISACA.ORG and COURSE MANUALS PUBLISHED BY ISACA. A
PORTIONS OF THIS ARTICLE INCLUDING MANY OF THE DEFINITIONS AND TERMINOLOGY HAVE BEEN SOURCED AND SUMMARIZED FROM ISACA.ORG and COURSE MANUALS PUBLISHED BY ISACA. Infrastructure
Several people have asked for an IT Audit Program Template for an audit based on the ISO/IEC 27002:2005(E) security standard. This template (which can be found
PORTIONS OF THIS ARTICLE INCLUDING MANY OF THE DEFINITIONS AND TERMINOLOGY HAVE BEEN SOURCED AND SUMMARIZED FROM ISACA.ORG and COURSE MANUALS PUBLISHED BY ISACA. Application
PORTIONS OF THIS ARTICLE INCLUDING MANY OF THE DEFINITIONS AND TERMINOLOGY HAVE BEEN SOURCED AND SUMMARIZED FROM ISACA.ORG and COURSE MANUALS PUBLISHED BY ISACA. Shared
PORTIONS OF THIS ARTICLE INCLUDING MANY OF THE DEFINITIONS AND TERMINOLOGY HAVE BEEN SOURCED AND SUMMARIZED FROM ISACA.ORG and COURSE MANUALS PUBLISHED BY ISACA. Internet
Information Technology Basics: In its most basic form, information technology (IT) can be reduced to IPO. No, that’s not an Initial Public Offering, but
“IT Governance and Controls” or “IT Monitoring and Assurance Practices for Board and Senior Management”: take your choice of titles for this article, but really
What is a standard? Who defines standards? Where do we as IT auditors come into contact with standards? Which framework should we use to do
Definition of IT audit – An IT audit can be defined as any audit that encompasses review and evaluation of automated information processing systems, related
Introduction to IT Audit: Auditing is an evaluation of a person, organization, system, process, enterprise, project or product, performed to ascertain the validity and reliability
So you want to be an IT Auditor… Over the course of the next few weeks, I will be posting some ten articles to help
Domain 5, Protection of Information Assets, is the last domain in the CISA certification area and the most important. ISACA has stated that this domain
For 2011, ISACA has updated the domains reducing them from 6 to 5. Domain 4 now includes Disaster Recovery from the old Domain 6. This
It’s interesting to notice how ISACA is aligning itself with the International Organization of Standards ISO/IEC 27002. The title for Domain 3 is Information Systems
CISA – Domain 2 – Governance and Management of IT: ISACA has revamped the CISA material and this domain now contains the Business Continuity section from
Several of you have been asking for a mapping of the new CISA 5 domains to the previous year’s six domains. The new mapping is
First, get a copy of the CISA Review Manual and a copy of the Q&A CD. Second, read one domain, then answer all the questions
ISACA’s 2011 CISA Exam material has been revised from six domains to five domains. Prior to 2011 Domain 6 was Business Continuity and Disaster Recovery. That
Description: Practical guidance and tools to ensure maximum readiness for incident response teams including drill tactics. PCI-DSS audits often require IR testing validation; drill quarterly