Author: | Nwabueze Ohia | ISBN: | 9780463770177 |
Publisher: | Nwabueze Ohia | Publication: | May 9, 2018 |
Imprint: | Smashwords Edition | Language: | English |
(Information & Technology Risk Assurance, Internal Audit and IT Audit Series)
IT Infrastructure Risk and Vulnerability Library is a do-it-yourself risk assessment handbook/manual that provides the reader with an updated database of known risks/vulnerabilities inherent in the IT systems and infrastructure commonly deployed in today’s enterprises for the delivery of technology-driven services and business operations. The book adopts a methodical approach to risk identification and assessment: the reader is exposed to techniques used in identifying risks/vulnerabilities within commonly deployed IT systems/infrastructure and the business operating environment, their implications, and their impact if not remediated. Treatment plans on how the risks could be mitigated to reduce or eradicate their impact on operations are also advised. Intended for organizations that need to either build a risk management system or security program from the ground up or strengthen an existing one, this book provides a unique and rich database of vulnerabilities/risks, control lapses, process failures and substandard practices associated with the following core IT systems/infrastructure, and how to fix them.
• Email (Exchange Server) and Active Directory (AD) infrastructure.
• IBM AIX (UNIX) Operating System Infrastructure.
• Core Banking & Enterprise Resource Planning (ERP) Applications.
• Virtualized Infrastructure.
• Payment Card Infrastructure & Operating Environment (Processes, Systems and Applications).
• Perimeter Network Infrastructure (Switches, Routers, Perimeter Firewalls, Wireless Controllers, Virtual Private Networks, Special device protection, Network Monitoring).
The vulnerabilities captured were identified from comprehensive assessments of the above-listed infrastructure and systems over time, and from experience of continuous security reviews/audits of these systems in big organizations, in recognition that corporations have consistently been unable to identify the existence of some of these risks and mitigate their impact, largely due to skill gaps or mere oversight on the part of responsible personnel. Hence, this book will be relevant to organizations carrying out risk assessment of their IT environment (infrastructure and operations), or optimizing existing IT risk management and information security programs for added value and for improvement of information/technology security management, internal audit and risk/control assurance.
What You Will Learn and Benefit:
• Build an IT risk/vulnerability register for your organization, or expand an existing one, from the vulnerabilities/risks, control lapses, and substandard practices already identified and documented in this book, as applicable.
• Prepare for and pass relevant management system certification audits such as PCI-DSS, ISO 27001, ISO 22301, ISO 20000, etc.
• Expand the scope of your organization’s risk assessment to areas that have not yet been explored or recognized as areas of exposure for the organization.
• Strengthen your organization’s internal audit process and control testing, a benefit of an expanded risk/vulnerability register.
• Rejuvenate the information security program of your organization with an improved perspective on the inherent risks/vulnerabilities of IT infrastructure, as well as a robust and realistic vulnerability/risk register.
• Risk mitigation and treatment plan.
Who This Book Is For:
IT professionals moving into the security field; new security managers, directors, project heads, and would-be CISOs; security specialists from other disciplines moving into information security (e.g., former military security professionals, law enforcement professionals, and physical security professionals); and information assurance specialists (e.g., IT Auditors, IT Risk Managers, IT Control implementers, CAEs, CIOs, CTOs, COOs, CROs, CISOs) and other IT Support/Operations Professionals.