The Laboratory Manual to accompany Auditing IT Infrastructure for Compliance is an extended lab companion to Martin J. Weiss and Michael G. Solomon's Auditing IT Infrastructure for Compliance book. The manual explains in great detail how to conduct audits of infrastructure and how to use the audit plan to achieve the results you want. In this article, we'll discuss what auditing IT infrastructures for compliance is, what the basic steps are, and some of the considerations you should weigh before beginning such a project.
The first chapter of the book covers what auditing IT infrastructures for compliance is. This chapter explains in layman's terms what auditors are looking for. It then goes into examples of what specific types of problems might be an issue, what specific processes might be needed to address them, and what the ultimate goal might be. This section is extremely helpful, as it gives you a clear understanding of what you are signing up for when you decide to audit information systems security compliance. The second chapter provides a general overview of what auditors look for, why they look at specific areas, and what specific tools they use during investigations. The landscape of IT changes dramatically over time, and it can be tough to keep up with the regulations and procedures. The landscape also varies widely between countries, so your local area may not require the same baseline rules as your distant hometown.
The third chapter goes into what an audited IT infrastructure looks like. In short, it entails checking your company's processes for compliance with ITIL and other international standards, which are very similar to those found in the United States. A good compliance management plan can help your company save a huge amount of money, improve customer satisfaction, and overall strengthen its ability to serve customers effectively and efficiently. Chapter one of the second edition discusses topics such as risk management, risk assessment, security testing, and vulnerability management. These are all important subjects to look at when you are considering how to audit IT infrastructures and comply with the relevant regulations and compliance laws.
Chapter two continues with a look at application and user auditing. This part of the book is divided into three major topics. The first two are on building user interfaces for testing and security, and end-user audits. Each of these topics has six different sections that discuss the topic in detail. The final section, user groups, discusses potential risks and solutions for each of these areas. The final chapter in the second edition gives an in-depth look at how to use ITIL to protect a company. The book includes a glossary of terms, a glossary of acronyms, a dictionary, and a listing of the most commonly used terms and concepts in information security. It also includes a list of case studies and a table of contents. This concise guide provides a thorough understanding of information security and auditing IT compliance laws and the associated requirements.