- Preparing for auditors: Checklists for before, during and after an IT audit
  Prepare for your next IT audit with these handy checklists. (Book Chapter)
- Surviving an audit
  A security review doesn't have to be a sink-or-swim proposition. (Information Security maga)
- PING with Tony Spurlin
  Tony Spurlin, Home Depot's Information Risk manager, discusses his homegrown assessment framework and evaluation processes for potential partners. (Information Security Maga)
- Step 4: Detailed objectives and policies
  (Compliance School)
- Multi-dimensional enterprise-wide security: Audit and validation
  Learn how to protect information assets and resources within all areas of the enterprise and in compliance with all regulatory, policy and contractual requirements. (10 Tips in 10 Minutes)
- SOX Compliance for the Security Practitioner
  This collection of resources offers security managers in-depth information to help keep their organization compliant with the Sarbanes-Oxley (SOX) Act. Learn how security practitioners are handling SOX compliance, financial woes, internal controls, a... (Learning Guide)
- Ensure that legal responsibilities are clear -- especially when trouble strikes
  Excerpt from Chapter 15 of Information Nation Warrior: Information Management Compliance Boot Camp. (Book Chapter)
- SAP Security Learning Guide
  This guide pulls SAP security information from both SearchSecurity.com and its sister site, SearchSAP.com, to provide the most comprehensive resource around for all aspects of making your SAP system bulletproof. (Learning Guide)
- Cost of non-compliance outweighs cost of maintaining compliance, report finds
  A study by the Ponemon Institute found that the average total cost of compliance is more than $3.5 million. (Article | 31 Jan 2011)
- The security-compliance tug-of-war
  Bryan E. Simon, a senior systems and security specialist, talks about the daily struggles security pros face, including the need to balance security demands with compliance requirements. (News | 15 Oct 2010)
- MasterCard increases PCI compliance requirements for some merchants
  The company now requires merchants that process one million to six million transactions annually to have an onsite assessment by a PCI QSA. Visa says it won't follow suit. (Article | 29 Jun 2009)
- Forensic accounting success depends on information security support
  A forensic accounting expert explains how information security teams can ensure the success of forensic accounting and fraud assessment. (News | 29 Apr 2009)
- PCI DSS Q&A: Answering your questions
  Payment Card Industry Data Security Standard (PCI DSS) expert Ed Moyle of CTG recently joined SearchSecurity.com for a live Q&A to address your questions about the PCI DSS. However, we were unable to answer all the questions posed to Ed during the ev... (Interview | 08 Apr 2009)
- PCI QSA assurance program penalizes assessors
  Two firms certified to conduct PCI assessments have been placed into the PCI Council's remediation program for violating the QSA Validation Requirements. (Article | 05 Mar 2009)
- Cybersecurity expert sees PCI DSS problems ahead for retailers
  It could cost millions of dollars for retailers to rip and replace outdated systems and devices still using Wired Equivalent Privacy (WEP) to secure 802.11 wireless networks, according to a security expert tracking cybersecurity in the retail industr... (Interview | 18 Nov 2008)
- IT security pros focus on internal threats during tough economy
  Rough economic times are often associated with an increase in layoffs, mergers and acquisitions. The increased activity has the potential to weaken data security, but most security experts agree that large firms have the right procedures to follow to... (Interview | 21 Oct 2008)
- IRS faulted for lax security controls, dangerous data risks
  An inspector general audit criticizes the IRS for deploying a customer data and account management system with known security vulnerabilities. The IRS tried to have the report suppressed. (Article | 20 Oct 2008)
- IT security pros face challenge during economic crisis
  Steven Katz, widely recognized as one of the first CISOs in the security industry, has been keeping an eye on the current financial crisis and company information risk management processes. Katz, a former CISO at Citigroup, JP Morgan and Merrill Lync... (Interview | 13 Oct 2008)
- SEC disclosure rules: Public company reporting requirements explained
  Learn the public company reporting requirements necessary to comply with CF Disclosure Guidance Topic No. 2, the SEC's cybersecurity reporting rules. (Tip)
- Building a compliance culture means learning from mistakes
  In this bonus to our "Compliance scorecard" Security School lesson, Eric Holmquist covers the importance of learning from failure by assessing how and why mistakes happen. (Tip)
- Application log management: Enabling application security compliance
  Expert Michael Cobb discusses how application audits and information and event management can save you time and energy with application security compliance. (Tip)
- Auditing virtualization: Security training for infosec pros
  This chapter discusses auditing virtualized environments, and begins with an overview of common virtualization technologies and key controls. (Tip)
- A primer for user privilege management in Windows Server 2008
  Privilege management can be a troublesome endeavor, but Windows Server 2008 introduces a multi-level privilege attribute system with better limits for standard users. Expert Randall Gamby explains the options in Windows Server 2008 for user privilege... (Tip)
- Assessment success: PCI DSS standards and secure data storage
  PCI DSS standards for secure data storage are specific and detailed, but there are two key steps that can significantly reduce the pain of an assessment. PCI DSS expert Anton Chuvakin explains. (Tip)
- Using the Microsoft Sysinternals suite for a computer systems audit
  If you're an auditor, or are looking to perform an internal audit, Microsoft's suite of Sysinternals tools could greatly help you. Learn how to use these free tools in this video demo. (Tip)
- HIPAA covered entity and business associate agreement requirements
  Under HITECH, both "covered entities" and "business associates" must comply with HIPAA data protection mandates, but, as a covered entity, what's the best way both to maintain compliance for your organization, and make sure all your BAs are compliant... (Tip)
- How to perform an Active Directory security audit
  As a security professional, you depend on Active Directory to provision users, but how secure is your implementation of AD itself? Learn how to perform an Active Directory security audit in this expert tip. (Tip)
- Compliance strategy: How to become an internal IT auditor
  The word "auditor" can make many information security pros cringe. But in this tip, learn how to become an internal IT auditor to help advance your enterprise's regulatory compliance programs. (Tip)
- Advice for developing a vendor compliance checklist for a vendor review process
  Charles Denyer offers advice for developing a vendor compliance checklist to support a vendor review process or a third-party vendor audit. (Answer)
- What is ISO certified vs. ISO compliant?
  Expert Charles Denyer explains the difference between an ISO 27002 certification report and an ISO 27002 compliant report. (Answer)
- What to include in a remote access audit
  When conducting a remote access audit, there are specific questions you should be sure to ask to make sure everything is secure. In this expert response, Randall Gamby describes what to look for. (Ask the Expert)
- The cost of an audit: Choosing a competent PCI DSS QSA
  Choosing the least expensive PCI DSS QSA for your PCI audit might seem like common sense, but not all auditors know what they're doing. In this expert response, Ernie Hayden describes what to look for in a competent QSA. (Ask the Expert)
- Gap analysis methodology for IT security and compliance
  If your enterprise is faced with multiple-standard compliance, having a set gap analysis methodology can save a lot of time and effort. Learn more in this expert response from Ernie Hayden. (Ask the Expert)
- Is a PCI DSS report on compliance confidential?
  Learn about the confidentiality of a PCI report on compliance, and of a compliance audit report in general, in this expert response from Ernie Hayden. (Ask the Expert)
- How to reduce PCI DSS security scope for an audit
  PCI DSS audits can be a lot easier if the scope is narrow. Learn how to consolidate and store sensitive data in order to best reduce PCI DSS security scope. (Ask the Expert)
- Who is in charge of the Massachusetts data protection law audit?
  Learn more about the process of data protection audits for the Massachusetts data protection law. (Ask the Expert)
- How to prepare for a FERPA audit
  Does your educational institution have to comply with FERPA? David Mortman, security management expert, explains what FERPA requires for school records and what to do when your FERPA audit is right around the corner. (Ask the Expert)
- How to select a set of network security audit guidelines
  A network security audit can be a daunting task, but there are resources that can help. Mike Chapple, network security expert, weighs in on why and how to choose a security audit standard. (Ask the Expert)
- Certified Information Systems Auditor (CISA)
  The Certified Information Systems Auditor (CISA) is a certification issued by the Information Systems Audit and Control Association (ISACA). (Word)
- RSA 2011 preview: Compliance
  In this RSA Conference 2011 preview video, SearchSecurity.com News Director Robert Westervelt moderates a discussion on a wide variety of compliance issues. Speakers include SearchSecurity.com Senior Site Editor Eric Parizo, and Research Director Jos... (Video)
- PCI compliance requirement 11: Testing
  PCI Requirement 11 is a popular one, according to Diana Kelley. Learn why in this instructional video. (Video)
- Using IAM tools to improve compliance
  Provisioning and password management tools can ease complexity, reduce help desk calls and save money. But they also have an added benefit: They can help ease enterprise compliance woes. (Video)
- Network security audit guidelines: Inside the importance of audit planning
  In this SearchSecurity.com mini learning guide you will learn the ins and outs of network security audit guidelines, as well as the importance of audit planning, and how to perform and prepare for an audit. (Learning Guide)
- Quiz: Building a compliance scorecard
  How much have you learned about building a compliance scorecard? Find out with this short quiz. (Quiz)
About IT Security Audits
Be prepared for your next IT security audit. Check out our resources on audit planning, tools, reports, mistakes, procedures, management standards, and how to work with auditors and audit validation.