<< 1 >>
Rating: 
Summary: Very good book on security controls
Review: Checklists, though mundane, are a key component of many jobs. They help ensure that key issues aren't overlooked, and they serve as guideposts for anyone auditing the work. This book provides technology managers with a very good preparatory set of details and checklists for their e-commerce infrastructure. The book can also show a corporate auditor what to look for to ensure that appropriate controls are in place. Throughout its 6 chapters and 225 pages, the book offers a detailed, progressive, and structured approach for performing such audits. The book addresses technology-related issues but doesn't require the auditor to be expert in them. Among topics discussed are physical security, authentication, and passwords; checklists ensure that these features are deployed or configured correctly. For ensuring that file servers and other elements of the e-commerce infrastructure are protected, this book is an excellent choice.
Rating: 
Summary: An Invaluable E-Commerce Audit Guide
Review: While many approach the subject of e-commerce control and security from a purely pedagogical, 'those who can't do, teach' perspective, Gordon Smith draws upon his considerable experience in the trenches to pen this logical step-by-step, risk-based approach to the subject. Moreover, the book is written in an easy, conversational style that is easily comprehended by even neophyte auditors, and its packed with audit work programs and checklists that permit practitioners to roll up their sleeves and get down to work immediately. One feature of this book I found particularly enlightening was Mr. Smith's sensible inclusion of supporting operating system and data base-related risks and controls as they relate to the overall e-commerce control environement. Too often these extremely important controls are deleted from scope or not considered at all in favor of engagement cost and time constraints. Experience proves that a partially secured environement is no better than one that is totally unsecured. Having contracted and worked with Mr. Smith and his CanAudit associates in the past, and having personally witnessed his team breaking into systems heretofore considered inpenetrable, I place a great deal of credence in his opinions on the subject of system security, e-commerce-related or otherwise. This book is a must read for anyone interested in the subject of e-commerce security and an invaluable reference tool for the professional IT Auditing practitioner.
<< 1 >>
| 
