This document, which focuses on the Linux security issues for one of the more popular versions of Linux, Red Hat version 9/Fedora, provides a standard reference for Linux security controls and their audit for security administrators, security professionals and information systems auditors. It provides the following guidance to IT management: * The business and technology drivers for Linux * The vulnerabilities of the Linux operating system * Risk management issues with an action-oriented perspective * Linux security software * How to secure Linux installations to fulfill the control objectives of two well-known standards-COBIT and ISO 17799 * Detailed internal control questionnaires. Call +1.847.253.1545 ext. 401, visit www.isaca.org/bookstore or e-mail [email protected] for more information.

When it comes to computer security, the role of auditors today has never been more crucial. Auditors must ensure that all computers, in particular those dealing with e-business, are secure. The only source for information on the combined areas of computer audit, control, and security, the IT Audit, Control, and Security describes the types of internal controls, security, and integrity procedures that management must build into its automated systems. This very timely book provides auditors with the guidance they need to ensure that their systems are secure from both internal and external threats.

The IBM large-scale mainframe system software, although one of the most stable and certainly the most long-lived of such systems, undergoes constant change and continuous updates. It was known as MVS for many years, until recently it was OS/390 and now is z/OS. The need for security and audit professionals to update their knowledge to correspond to the current hardware and software levels is more pronounced than ever before. This publication deals with those concepts, components and functions of OS/390 and z/OS that are deemed to be of primary relevance in terms of the security and audit issues. The publication provides a detailed focus on issues such as: * Business drivers and technology considerations * System initialization, security functions, audit tools and methods * Detailed descriptions of new components and functions * Recently added functions, mainly those that permit the use of the Internet, and UNIX functions in the OS/390 environment * Detailed table listings and suggested approaches for testing * The suggested framework for properly controlled and successful implementation * An Internal control questionnaire and detailed audit program. Call +1.847.253.1545 ext. 401, visit www.isaca.org/bookstore or e-mail [email protected] for more information.