World Headquarters
Jones & Bartlett Learning
25 Mall Road
Burlington, MA 01803
978-443-5000
www.jblearning.com
Jones & Bartlett Learning books and products are available through most bookstores and online booksellers. To contact Jones & Bartlett Learning directly, call 800-832-0034, fax 978-443-8000, or visit our website, www.jblearning.com.
Substantial discounts on bulk quantities of Jones & Bartlett Learning publications are available to corporations, professional associations, and other qualified organizations. For details and specific discount information, contact the special sales department at Jones & Bartlett Learning via the above contact information or send an email to .
Copyright 2024 by Jones & Bartlett Learning, LLC, an Ascend Learning Company
All rights reserved. No part of the material protected by this copyright may be reproduced or utilized in any form, electronic or mechanical, including photocopying, recording, or by any information storage and retrieval system, without written permission from the copyright owner.
The content, statements, views, and opinions herein are the sole expression of the respective authors and not that of Jones & Bartlett Learning, LLC. Reference herein to any specific commercial product, process, or service by trade name, trademark, manufacturer, or otherwise does not constitute or imply its endorsement or recommendation by Jones & Bartlett Learning, LLC and such reference shall not be used for advertising or product endorsement purposes. All trademarks displayed are the trademarks of the parties noted herein. Auditing IT Infrastructures for Compliance, Third Edition is an independent publication and has not been authorized, sponsored, or otherwise approved by the owners of the trademarks or service marks referenced in this product.
There may be images in this book that feature models; these models do not necessarily endorse, represent, or participate in the activities represented in the images. Any screenshots in this product are for educational and instructive purposes only. Any individuals and scenarios featured in the case studies throughout this product may be real or fictitious but are used for instructional purposes only.
This publication is designed to provide accurate and authoritative information in regard to the Subject Matter covered. It is sold with the understanding that the publisher is not engaged in rendering legal, accounting, or other professional service. If legal advice or other expert assistance is required, the service of a competent professional person should be sought.
Production Credits
Vice President, Product Management: Marisa R. Urbano
Vice President, Content Strategy and Implementation: Christine Emerton
Director, Content Management: Donna Gridley
Manager, Content Strategy: Carolyn Pershouse
Content Strategist: Melissa Duffy
Content Coordinator: Mark Restuccia
Director, Project Management and Content Services: Karen Scott
Manager, Project Management: Jackie Reynen
Project Manager: Roberta Sherman
Senior Digital Project Specialist: Angela Dooley
Marketing Manager: Mark Adamiak
Content Services Manager: Colleen Lamy
VP, Manufacturing and Inventory Control: Therese Connell
Product Fulfillment Manager: Wendy Kilborn
Composition: Straive
Project Management: Straive
Cover Design: Briana Yates
Text Design: Briana Yates
Media Development Editor: Faith Brosnan
Rights & Permissions Manager: John Rusk
Rights Specialist: James Fortney
Cover & Title Page Image: SidorArt/Shutterstock
Printing and Binding: Gasch Printing
Library of Congress Cataloging-in-Publication Data
Names: Johnson, Rob (Robert), author. | Weiss, Martin (Martin M.) author. | Solomon, Michael (Michael G.), 1963- author.
Title: Auditing IT infrastructures for compliance / Robert Johnson, Marty M. Weiss, Michael G. Solomon.
Description: Third edition. | Burlington, MA : Jones & Bartlett Learning, [2024] | Series: Information systems security & assurance | Includes bibliographical references and index. | Summary: "Auditing IT Infrastructures for Compliance provides a unique, in-depth look at recent U.S. based information systems and IT infrastructures compliance laws in both the public and private sector" -- Provided by publisher.
Identifiers: LCCN 2022026856 | ISBN 9781284236606 (paperback)
Subjects: LCSH: Computer security. | Computer networks--Security measures. | Compliance auditing.
Classification: LCC QA76.9.A25 W428 2022 | DDC 005.8--dc23/eng/20220716
LC record available at https://lccn.loc.gov/2022026856.
Printed in the United States of America
To my family and father Chester Johnson, for his 96th birthday, a humble man who has dedicated his life to his children, serving his community and country as a war veteran.
Rob Johnson
Preface
Purpose of This Book
This book is part of the Information Systems Security & Assurance Series from Jones & Bartlett Learning (www.jblearning.com). Designed for courses and curriculums in IT Security, Cybersecurity, Information Assurance, and Information Systems Security, this series features a comprehensive, consistent treatment of the most current thinking and trends in this critical subject area. These titles deliver fundamental information-security principles packed with real-world applications and examples. Authored by professionals experienced in information systems security, they deliver comprehensive information on all aspects of this field. Reviewed word for word by leading technical experts, these books are not just current, but forward-thinking, putting you in a position to solve the cybersecurity challenges not just of today, but of tomorrow as well.
of this book identifies and explains what each of these compliance laws requires in regard to safeguarding business and consumer privacy data elements and the design and implementation of proper security controls. Once these safeguards and security control requirements are defined for your organization, you have a yardstick of measurement for conducting an audit of your IT infrastructure for compliance.
also reviews how to document what was identified during the audit and how to determine whether compliance requirements are being met throughout the IT infrastructure. Specific security controls and countermeasures are presented for each of the domains of a typical IT infrastructure.
provides a resource for readers and students who desire more information on becoming skilled at IT auditing and IT compliance auditing. This final chapter provides additional content on ethics, education, professional certifications, and IT auditing certifying organizations.