
Preface

Purpose of This Book

This book is part of the Information Systems Security & Assurance Series from Jones & Bartlett Learning (www.jblearning.com). Designed for courses and curriculums in IT Security, Cybersecurity, Information Assurance, and Information Systems Security, this series features a comprehensive, consistent treatment of the most current thinking and trends in this critical subject area. These titles deliver fundamental information-security principles packed with real-world applications and examples. Authored by professionals experienced in information systems security, they deliver comprehensive information on all aspects of this field. Reviewed word for word by leading technical experts, these books are not just current, but forward-thinking—putting you in a position to solve the cybersecurity challenges not just of today, but of tomorrow as well.

Part 1 of this book identifies and explains what each of these compliance laws requires in regard to safeguarding business and consumer privacy data elements and the design and implementation of proper security controls. Once these safeguards and security control requirements are defined for your organization, you have a yardstick of measurement for conducting an audit of your IT infrastructure for compliance.

Part 2 presents how to audit an IT infrastructure for compliance based on the compliance laws themselves, on the need to protect and secure business and consumer privacy data, and on the need to have properly documented and implemented security controls within the organization. Auditing standards and frameworks are also presented, along with what must be audited within the seven domains of a typical IT infrastructure. In addition to discussing the planning and conduct of an audit, Part 2 also reviews how to document what was identified during the audit and how to determine whether compliance requirements are being met throughout the IT infrastructure. Specific security controls and countermeasures are presented for each of the domains of a typical IT infrastructure.

Part 3 provides a resource for readers and students who desire more information on becoming skilled at IT auditing and IT compliance auditing. This final chapter provides additional content on ethics, education, professional certifications, and IT auditing certifying organizations.

This book not only addresses the tools and techniques for auditing IT infrastructure for compliance but also examines key risk drivers. While much of the content is related to information security, the text considers and provides examples of the broader and higher-level principles around information governance and risk management. It brings together the core disciplines of auditing, accounting, and information technology.

Learning Features

The writing style of this book is practical and conversational. Each chapter begins with a statement of learning objectives. Step-by-step examples of information security concepts and procedures are presented throughout the text. Illustrations are used both to clarify the material and to vary the presentation. The text is sprinkled with Notes, Tips, FYIs, Warnings, and sidebars to alert the reader to additional helpful information related to the subject under discussion. Chapter Assessments appear at the end of each chapter, with solutions provided in the back of the book.

Chapter Summaries are included in the text to provide a rapid review or preview of the material and to help students understand the relative importance of the concepts presented.

Audience

The material is suitable for undergraduate or graduate computer science majors or information science majors, students at a two-year technical college or community college who have a basic technical background, and readers who have a basic understanding of IT security and want to expand their knowledge.

New to This Edition

This edition’s updates reflect the enormous change in auditing and cybersecurity in recent years due to the worldwide pandemic, which has forced many businesses to operate remotely and expand the use of digital technologies. Work from home is now often the norm rather than the exception for many workers. More than ever, data are distributed outside the confines of the corporate network. Revisions in this text reflect current techniques of auditors and cybersecurity professionals to help their organizations control risks and keep pace with the changing risk landscape, such as data breaches, ransomware, and regulatory misses.

This edition also reflects the expanding role of the auditor as organizations reimagine their business and technology needs in this changed world. This text explores key audit and cybersecurity disciplines needed as organizations go through digital transformation. This text reflects recent trends and changes in technology, such as the exponential expansion of cloud services. It discusses not only an organization’s transformation but also the transformation of the auditor’s tools and techniques.

Cloud Labs

This text is accompanied by Cybersecurity Cloud Labs. These hands-on virtual labs provide immersive mock IT infrastructures where students can learn and practice foundational cybersecurity skills as an extension of the lessons in this textbook. For more information or to purchase the labs, visit go.jblearning.com/auditingit3elabs.
