[ISN] REVIEW: "Auditing Information Systems", Mario Piattini

From: InfoSec News (isnat_private)
Date: Sat Jan 11 2003 - 00:36:42 PST


    Forwarded from: "Rob, grandpa of Ryan, Trevor, Devon & Hannah" <rsladeat_private>
    BKAUINSY.RVW   20020825
    "Auditing Information Systems", Mario Piattini, 2000, 1-878-28975-6,
    %E   Mario Piattini
    %C   1331 E. Chocolate Ave., Hershey, PA   17033-1117
    %D   2000
    %G   1-878-28975-6
    %I   IRM Press/Idea Group
    %O   U$139.95 717-533-8845 fax: 717-533-8661 cust@idea-group.com
    %O  http://www.amazon.com/exec/obidos/ASIN/1878289756/robsladesinterne
    %P   246 p.
    %T   "Auditing Information Systems"

    Chapter one is a general overview of auditing, with few details.
    COBiT is not being used as intended by the majority of purchasers, we
    are told in chapter two.  There is a rather random discussion of some
    security (and some network) concepts in chapter three, which changes
    format rather abruptly towards the end.  Chapter four notes that
    software maintenance has dangers and a structured process would help. 
    It also suggests a COBiT-style list of objectives.  All kinds of
    things it would be nice to have in the perfect data warehouse are
    described in chapter five.  Chapter six looks at a few legal issues
    with respect to information.  The theme of chapter seven seems to be
    that databases should do what they are supposed to.  (I suppose Gene
    Spafford could sympathize: his definition of a secure computer is one
    that does what it is supposed to.)  Chapter eight attempts to recreate
    ISO 9000 as a COBiT table.  Task analysis by another name (audit
    function points) is described in chapter nine.

    Even though the name of COBiT is repeatedly invoked in this book, it is
    really hard to say what it has to do with auditing.

    copyright Robert M. Slade, 2002   BKAUINSY.RVW   20020825
    Find book info victoria.tc.ca/techrev/ or sun.soci.niu.edu/~rslade/
    ISN is currently hosted by Attrition.org