This week I’m highlighting EDPACS, a long-time monthly IT audit and control newsletter, now into its 37th year of publication. A variety of freely available articles from their web site are presented below. The annual subscription cost is very reasonable and includes online access to more than ten years of articles.
Have another great week.
Note – in the interest of full disclosure I am the managing editor for EDPACS.
EDPACS (The EDP Audit, Control, and Security Newsletter)
For over 37 years, this monthly newsletter has supported the audit and control community with highly regarded guidance in the fields of audit, control, and security. In addition, EDPACS regularly explores current and emerging issues around IT governance.
Call for articles (EDPACS)
The State of IT Auditing in 2007
Summing up the state of such a broad professional field in just a few short pages is not easy, so, in place of a thousand words, here is a picture. This article examines the state of IT auditing today, looking at issues such as pressures on the profession, the characteristics of modern IT auditors, and the tools and techniques available to them, and ends by gazing into the crystal ball to see what might be coming next.
Why is Security a Software Issue?
Software is everywhere. It runs your car. It controls your cell phone. It's how you access your bank's financial services, receive electricity and natural gas, and fly from coast to coast (McGraw, 2006). Many products, services, and capabilities within both the public and private sectors are highly dependent on software to handle the sensitive and high-value data on which people's privacy, livelihoods, health, and very lives depend. National security—and by extension citizens' personal safety—relies on complex, interconnected, software-intensive information systems—systems that in many cases use the uncontrolled Internet or Internet-exposed private networks as their means for communicating and transporting information.
http://www.informaworld.com/smpp/title~content=g781166228~db=
Social Engineering Techniques, Risks, and Controls
This article describes typical social engineering threat sources and techniques, analyzes the associated information security risks, and outlines a range of preventive, detective, and corrective controls to minimize social engineering risks.
Database Access, Security, and Auditing for PCI Compliance
Now eight years into the aught decade, we ought to be proficient with the controls, monitoring, risk management, and governance needed to prevent and detect the debacles that ushered in the Sarbanes-Oxley Act of 2002. And we should have a pretty good idea how to protect against Internet attacks and identity theft. But while you are considering that, remember that the “Billion Dollar Bubble” or Equity Funding scandal (the first major so-called computer fraud) started in 1964 and brought the company down in 1973. And the first major electronic privacy legislation was the Privacy Act of 1974, following revelations of privacy abuse during the Nixon administration.
EDPACS Editorial Board