IT Audit and IT Security Resources
Paper Books
Checklists
Operating Systems
NIST - various publicly available security checklists (or benchmarks), and the standards they map to:
- FIPS PUB 199 - security categorization of federal information and information systems (low/moderate/high impact)
- NIST SP 800-53 - recommended security controls for federal information systems (considered very well written by Mike Simon)
Certifications
CISSP
- Information security auditing is a vital part of any IT audit and is often understood to be the primary purpose of an IT audit
- The CISSP exam tests the understanding of the so-called Common Body of Knowledge (CBK)
- The CBK can be seen as a universal language of information security professionals; it is said to be "a mile wide and two inches deep"
- The CISSP exam pays attention to formal terminology, so you had better learn the acronyms
- To pass the certification exam:
  - you need 700 out of 1000 points
  - you have 6 hours for 250 questions (you had better take a snack with you :))
  - use the two-pass method (skip the questions you are unable to answer and come back to them in the second pass)
CCNA/CCENT
- networking
LPIC
- GNU/Linux