Network Auditing: A Control Assessment Approach [With *]

As a practitioner of the arcane arts of IT audit for about seven years now, I have never come across a simple "get started on Monday" treatment as Network Auditing. Gordon Smith actually focuses on the audit with just enough background for understanding and for the reader to be able to research more. Although the uncomplicated and simple declarative sentence approach may seem thin to some readers, I found the easy pace and methodical explanations a comfort to read. After years of trying to distill an audit program out of technical manuals and bafflement from the local network jockeys, for me any simple explanation is a relief. As a basic treatment, the book is intended to orient and give initial direction. Gordon only leads you into the foyers of network operating systems. You are left with some questions about the parlor beyond. Still, this is good basis for what comes later...understanding why management believes that you are wrong and the higher paid, more experienced SysAdmin is right. This IS rocket science. (Gordon does provide an email address to send your questions.) Buy the book. You will understand it and it will actually make you want to know more.

In his book about network auditing and security controls, Gordon Smith states, "Until administrators truly understand the risks, they will not install the required controls." Using a unique Control Assessment Approach, Smith gives auditors a tool to do exactly this for a network environment. He concisely explains the risks and exposures of using a computer network in a manner that focuses on business issues that management should easily grasp and truly fear. Smith, with his unique insight into network security, uses real-life examples to clearly illustrate a need for controls, while his tongue-and-cheek humor provides an easy read that every auditor is sure to enjoy. The audit programs and checklists, along with suggested controls, lend themselves to a step-by-step audit that will surely strengthen any network's security. For the less-experienced IT auditor, the information is a steal that is easy to learn and apply, especially as Smith whole-heartedly welcomes any inquiries about the material at hand. This book is a must-have tool for all auditors serious about securing their companies' networks.