Access "Ensure audit success with sound security audit procedures"
This article is part of the April 2004 issue of Depth charge: Survey shows big spending on defense in depth
By George Wrenn We've all seen them before, those blue suits carrying shiny leather briefcases: Auditors. They march into our shops, asking question after question, touching and probing everything connected to a CAT 5. They check for everything from industry best practices to security standards to government regulations. The result is usually a thick report that grades your security program as pass or fail. The CISSP exam is nothing compared to this pressure. But, auditors -- whether they're internal or third parties -- are a security professional's friends. They are a second set of eyes, looking at your policies, infrastructure and practices and verifying the areas in which you're doing well, and those that need work. Most importantly, they tell you how well you're complying with standards and regulations, such as ISO 17799 and Sarbanes-Oxley. IT audits may be stressful, but they don't have to be. A few simple steps will help you handle auditors, avoid common mistakes and reduce -- if not eliminate -- the stress. Whether you're dealing with internal reviews... Access >>>
Premium Content for Free.
IT security spending 2004: Firms diversify as security budgets tighten
by Andrew Briney
Fearing the worst on IT security spending, companies are diversifying their security spending.
Audit failure: How one lab raised IT security awareness and its audit grade
by Anne Saita
Learn how Argonne National Lab raised IT security awareness and its audit grade from 'F' to 'A'.
- IT security spending 2004: Firms diversify as security budgets tighten by Andrew Briney
The future of software security vulnerabilities
by Gary McGraw & Greg Hoglund
The evolution of software security vulnerabilities opens new vistas for business... and the bad guys.
Ensure audit success with sound security audit procedures
by George Wrenn
A security review doesn't have to be a sink-or-swim proposition.
- The future of software security vulnerabilities by Gary McGraw & Greg Hoglund
Using tax depreciation to increase security budgets
by Lawrence Walsh
The depreciation of capital assets, such as security hardware and software, is a tax benefit that every infosec manager should take into consideration.
Cyberwar myths: Are cyberwarfare and cyberterrorism overblown?
by Marcus J. Ranum, Contributor
Marcus Ranum explains why the whole notion of cyberwarfare is a scam.
A little betrayal: Windows purists using Linux security features
by Jay Beale
Jay Beale explains how Windows purists can leverage Linux security features without compromising their allegiance to Redmond.
Database security tools for preventing SQL injection attacks
by Pete Lindstrom, Contributor
An emerging breed of database security tools is helping security teams spot attackers' favorite techniques, like SQL injection.
In enterprises, proactive information security finally taking hold
by Andrew Briney
Editorial director Andrew Briney says frustration with failure is driving proactive information security spending on new technologies.
- Using tax depreciation to increase security budgets by Lawrence Walsh
More Premium Content Accessible For Free
The variety and sheer number of network endpoints, users and devices in the enterprise today is driving IT's demands for enhanced security features ...
Enterprises leverage open source software for the perceived quality of the code, but the Heartbleed flaw has made many question their use of ...
The network of today's enterprise is larger and more diverse than ever, which means there's more for hackers to attack. So as enterprises update ...