IT Infrastructure Risk & Vulnerability Library: A Consolidated Register of Operational and Technology Infrastructure Vulnerabilities for IT Assurance Professionals

152 pages, 1 hour


Using the globally accepted template or methodology of “vulnerability/risk” identification, “implication”, “impact” and “recommended action” that has been adopted by corporations and research institutions worldwide, IT Infrastructure Risk and Vulnerability Library serves as a repository or database of risks and vulnerabilities identified as inherent in or associated with the IT infrastructure commonly deployed in today’s corporations for delivery of services and business operations that leverage technology. Intended for organizations that need to either build a risk management program from the ground up or strengthen an existing one, this book provides a unique and rich database of vulnerabilities/risks, control lapses, process failures and substandard practices associated with the following core IT systems/infrastructure:

• Email (Exchange Server) and Active Directory (AD) infrastructure.
• AIX (IBM) Operating System Infrastructure.
• Core Banking and Enterprise Resource Planning (ERP) Applications.
• Virtualized Infrastructure.
• Payment Card Infrastructure (Processes, Systems and Applications).
• Perimeter Network Infrastructure (Switches, Routers, Perimeter Firewalls, Wireless Controllers, Virtual Private Networks, Special device protection, Network Monitoring).

The vulnerabilities were identified from comprehensive risk assessments of these infrastructures over time and from experience of continuous reviews/audits of these systems in big organizations, where corporations have consistently been unable to identify their existence, whether due to skill gaps or mere oversight on the part of responsible personnel. Hence, this book will be relevant to organizations carrying out risk assessment of their IT environment (infrastructure and operations), and to those optimizing existing IT risk management and information security programs to add value and improve information/technology security management, internal audit and control assurance.

What You Will Learn and Benefit:
• Build an IT risk/vulnerability register for your organization, or expand an existing one, by selecting where applicable from the vulnerabilities/risks, control lapses, and substandard practices already identified and documented in this book.
• Prepare for and pass such common certification audits as PCI-DSS, ISO 27001, ISO 22301 and ISO 20000.
• Expand the scope of your risk assessment to areas that have not yet been identified as areas of exposure or risk.
• Strengthen your organization’s internal audit process and control testing, a benefit of an expanded risk/vulnerability register/library.
• Rejuvenate the information security program of your organization, with an improved perspective on the inherent risks/vulnerabilities of IT infrastructure as well as a robust and realistic vulnerability/risk register.
• Risk mitigation and treatment plan.

Who This Book Is For:
IT professionals moving into the security field; new security managers, directors, project heads, and would-be CISOs; security specialists from other disciplines moving into information security (e.g., former military security professionals, law enforcement professionals, and physical security professionals); and information assurance specialists (e.g., IT Auditors, IT Risk Managers, IT Control implementers, CAEs, CIOs, CTOs, COOs) and other IT Support/Operation Professionals.
