Security Audit

MUST READ Best practices for choosing an outside IT auditor TIP - Learn six points for choosing the right outside auditor. The future role of the CISO: Keeping auditors at bay TIP - CISOs have little discretionary budget or time to make any improvements that are not directly related to HIPAA or SOX compliance. For some, this is a benefit. Cheat sheet: 10 ways to prep for auditors ARTICLE - There are 10 ways to prepare for those auditors knocking at your door -- and avoid wasting time and money.

EXPERT TECHNICAL ADVICE: 1 - 3 of 33

SECURITY AUDIT EXPERTS
			David Mortman ASK A QUESTION

	Security and audit relationships: Uneasy antagonists or partners in arms? 16 Dec 2008 TIP - The relationship between information security pros and auditors can be a rocky one, but there are a few specific steps that can make it smoother.

	Richard Mackey: Building a framework-based compliance program 29 Oct 2008 TIP - Richard Mackey talks about frameworks that can help you find the holes in your compliance program.

	Screencast: How Tor improves Web surfing privacy and security audits 22 Oct 2008 TIP - In an on-screen demonstration, learn how Tor can be used to ensure that surfing habits aren't recorded by malicious hackers.

	VIEW ALL EXPERT TECHNICAL ADVICE ON SECURITY AUDIT

NEWS: 1 - 3 of 27

	Cybersecurity expert sees PCI DSS problems ahead for retailers SearchSecurity.com | 18 Nov 2008 INTERVIEW - Some systems will have to be replaced over the next several years costing big-box retailers millions of dollars to become compliant with PCI DSS.

	IT security pros focus on internal threats during tough economy SearchSecurity.com | 21 Oct 2008 INTERVIEW - Layoffs, mergers and acquisitions are forcing some IT security pros to look closely at the internal threats posed by disgruntled employees and mishandled data.

	IRS faulted for lax security controls, dangerous data risks SearchSecurity.com | 20 Oct 2008 ARTICLE - An inspector general audit criticizes the IRS for deploying a customer data and account management system with known security flaws. The IRS tried to have the report suppressed.

	VIEW ALL NEWS ON SECURITY AUDIT

REFERENCE & LEARNING: 1 - 3 of 11

	Conclusion: The Risk Mitigation Challenges of the "12 PCI Commandments" SearchSecurity.com | 19 Sep 2007 LEARNING GUIDE - In this guide, Craig Norris draws some important PCI compliance conclusions.

	Strategies for success -- PCI DSS Requirement 1: Install and maintain a firewall configuration to protect cardholder data SearchSecurity.com | 19 Sep 2007 LEARNING GUIDE - Simply installing a firewall on the network perimeter won't necessarily get you past PCI DSS Requirement 1. Craig Norris explains the extra work that needs to be done.

	Strategies for success -- PCI DSS Requirement 10: Track and monitor all access to network resources and cardholder data SearchSecurity.com | 19 Sep 2007 LEARNING GUIDE - Many organizations must manually track each system's log files to comply with PCI DSS. In this guide, Craig Norris explains how to pass PCI's troublesome tenth requirement.

	VIEW ALL REFERENCE & LEARNING ON SECURITY AUDIT

MAGAZINE CONTENT (free subscription required): 1 - 2 of 2

	Collaboration with auditors will benefit information security programs Information Security Magazine | 28 Nov 2008 COLUMNS - Security professionals should appreciate their relationships with internal auditors, who by pointing out security areas that need improvement, head off failures with external auditors.

	Architect Security and Compliance Programs to Be Complementary Information Security Magazine | 01 Jun 2008 COLUMNS - Perspectives: Shake On It

	VIEW ALL MAGAZINE CONTENT ON SECURITY AUDIT

WEBCASTS: 1 - 3 of 3

5 Steps for SOX Compliance - Expert Webcast VIEW WEBCAST PREMIERED:   26 OCT 2006, 09:00 EDT (13:00, GMT) SUMMARY:   This Podcast offers five easy steps that help your company comply with a SOX audit and improve your overall security posture. Listen to this Podcast and examine where your reporting divisions should beand who you should turn to for help when you are trying to comply with SOX regulations.

	Making effective use of database monitoring/auditing tools for security and compliance - Expert Webcast VIEW WEBCAST PREMIERED:   12 OCT 2006, 12:00 EDT (16:00, GMT) SUMMARY:   This webcast will help you understand how monitoring/auditing tools map to data compliance/security requirements and what to look for to determine which tools will work best for your environment.

	CISSP Essentials: Mastering the Common Body of Knowledge -- Class 1, Security management practices - Expert Webcast VIEW WEBCAST PREMIERED:   14 OCT 2004, 09:00 EDT (13:00, GMT) SUMMARY:   While viruses, worms and hacking grab all the news headlines, sound security management practices are the foundation of any organization's security success.

	VIEW ALL WEBCASTS ON SECURITY AUDIT

	SEE ALSO - Topics Related to Security Audit:  PCI Data Security Standard, FFIEC, Gramm-Leach-Bliley Act (GLBA), HIPAA, Sarbanes-Oxley Act, Data Security Breach Laws and Notification, Data Privacy, FISMA