|
|
Research
The purpose of this Research Page is to bring together the ISACF Research news, any local chapter research, along with links to relevant technical articles and Best Practices within the IS Audit Community. These Best Practices could include audit programs, report formats, issues tracking, risk assessments, automated workpapers, etc.
ISACF Research
The Information Systems Audit and Control Foundation (ISACF) actively promotes research that results in the development of products useful to IT governance, control, assurance and security professionals.
- Virtual Private Networks
- Y2K Silver Lining
- IT Control Practices
- COBIT - Management Guidelines
- eCommerce: Controls, Audit and Security
- Digital Signatures
- Control Objectives for Net Centric Technology
- COBIT: Control Objectives for Information and related Technology, 2nd Edition
- An Executive's Guide to the Year 2000
- Contingency Planning for the Year 2000
- Year 2000 Management Assessment Guide
- Sample Year 2000 compliance audit guideline in COBIT format
- Conducting Year 2000 Reviews During the Final Months Before the Millennium
- Model Curricula for Information Systems Auditing
- Unix: Its Use, Control and Audit
- Information Privacy
- Helsinki Finland ISACA Chapter TAKO Project
Local Chapter Research
As time allows, we hope to post research information generated from the local chapter. Our current research is directed at the technology upon which this web site operates.
Research Centers and Institutes
The Center for Education and Research in Information Assurance and Security, or CERIAS, (at Purdue University) is an internationally recognized center for multidisciplinary research and education in areas of information security. Areas of research include computer, network, and communications security as well as information assurance. All of the current research project fit into the following categories:
- Social, Economic and Political Issues
- Cryptography and Steganography
- Secure Programming and Technology
- Information Assurance
- Intrusion and Anomaly Detection
- Audit, Evaluation and Forensics
- Education and Training
CERIAS Technical Reports / White Papers are available online.
The SANS Institute Resources Web Page reflects research that includes:
- Fundamentals of Effective Network Security
- Model Security Policies
- NSA Glossary of Terms used in Security and Incident Handling
- Extra slides from Klevinsky's Contemporary Hacking Tools Course in San Francisco
- Intrusion Detection FAQ (v 1.30)
- The 7 Top Management Errors that Lead to Computer Security Vulnerabilities
- Archive of Web Briefings
CERT® Security Improvement Modules Each CERT Security Improvement module addresses an important but narrowly defined problem in network security. These modules provide guidance that can help organizations improve the security of their networked computer systems. They include:
