New & Notable
IT Security Audits News
August 12, 2014
Discussing the state of PCI DSS compliance, Gartner's Avivah Litan says the industry still struggles with PCI auditors who both identify PCI problems and sell remediation services to fix them, causing a conflict of interest.
October 31, 2013
A veteran QSA believes PCI DSS 3.0 will help both QSAs and enterprises, but says further clarifications are needed to avoid PCI assessment disputes.
July 25, 2012
Don Weber of InGuardians is releasing his smart meter hacking tool, but only to utilities, vendors and vendor-vetted researchers.
March 06, 2012
Too often, organizations jam all their compliance tasks into the quarter when the audit is due. Read advice for reducing compliance fatigue.
IT Security Audits Get Started
Bring yourself up to speed with our introductory content
NASA recently released a cloud computing audit report with best practices enterprises can use to assess and improve their cloud governance practices. Continue Reading
In this SearchSecurity.com mini learning guide you will learn the ins and outs of network security audit guidelines, as well as the importance of audit planning, and how to perform and prepare for an audit. Continue Reading
The Certified Information Systems Auditor (CISA) is a certification issued by the Information Systems Audit and Control Association (ISACA). Continue Reading
Evaluate IT Security Audits Vendors & Products
Weigh the pros and cons of technologies, products and projects you are considering.
Gartner analyst Avivah Litan discusses how Gartner clients are reacting to the changes in PCI DSS 3.0, and whether the increased rigor in the standard will prove beneficial to enterprises. Continue Reading
Peter G. Neumann shares his thoughts on the inherent complexity of trustworthiness and the evolutionary promise of clean-slate architectures. Continue Reading
Moving to a cloud environment brings compliance challenges, but they’re not insurmountable. Continue Reading
Manage IT Security Audits
Learn to apply best practices and optimize your operations.
Learn about a potential audit concern when transitioning from a traditional firewall to a next-generation firewall. Continue Reading
Expert Mike Chapple explains how two descoping techniques can help many organizations reduce their regulatory compliance burden. Continue Reading
One QSA offers pre-audit planning advice to ensure a smooth, successful enterprise IT security audit for both the organization and the auditor. Continue Reading
Problem Solve IT Security Audits Issues
We’ve gathered up expert advice and tips from professionals like you so that the answers you need are always available.
There are several risks involved when using end-of-life software, including the possibility of compliance violations. Expert Mike Chapple explains. Continue Reading
Documentation is a key requirement for many IT security regulations. Expert Mike Chapple offers tips for maintaining documentation the right way. Continue Reading
Tony UcedaVelez offers tips for automating compliance tasks to reduce IT security and compliance risk while easing the pain of arduous compliance audits. Continue Reading