Link to the ISACA® Las Vegas Chapter Home Page
  • Information Systems Audit and Security Tools

  • COBiT™ Implementation Tools
  • IT Governance Institute issues News Release on COBIT 4.0

    COBIT 4.0: Major Update to International Standard
    Helps Businesses Increase IT Value, Decrease Risk

  • COBiT™ 3rd Edition Print & CD-ROM - 6 Volume Set
  • This set consists of Executive Summary, Framework, Control Objectives, Audit Guidelines, Implementation Tool Set, Management Guidelines and CD-ROM.
    COBiT™, the breakthrough IT governance tool, provides you with the strategies and tactical information you need to maintain a competitive advantage. Whether you are a CEO, CFO, CIO, IS security practitioner or auditor, this six part set will prove to be an invaluable organizational resource.
    To recognize how valuable and critically important the effective governance of information and related technology has become, the IT Governance Institute has released the revised and enhanced 3rd edition of COBiT™, which includes the all-new Management Guidelines.

  • Sarbanes-Oxley Compliance Tools
  • Sarbanes-Oxley Audit Resource Center (SARC)
  • In the wake of Enron and WorldCom, the role of internal auditors in corporate governance has taken on a whole new meaning. The passage of the Sarbanes-Oxley Act and actions by the U.S. Securities and Exchange Commission imposed new requirements on auditors, corporate boards and management.
    This section of AuditNet® provides tools and resources for internal auditors to acquaint themselves with the new rules and share guidance and best practices for partnering with audit committees.
    Internal auditors now have a unique opportunity to work together with audit committees to help in the corporate governance mandate.

  • Secure Configuration Guides and Checklists

  • Security Configuration Guides
  • The US Government's National Security Agency's Information Assurance Directorate initiatives in enhancing software security cover both proprietary and open source software, and we have successfully used both proprietary and open source models in our research activities.
    NSA's work to enhance the security of software is motivated by one simple consideration: use our resources as efficiently as possible to give NSA's customers the best possible security options in the most widely employed products.
    The objective of the NSA research program is to develop technologic advances that can be shared with the software development community through a variety of transfer mechanisms.

    NSA does not favor or promote any specific software product or business model.
    Rather, NSA is promoting enhanced security.

  • Security Checklist Program for IT Products
  • The Cyber Security Research and Development Act of 2002 tasks the United States Government's National Institute of Standards and Technology Computer Security Resource Center (CSRC)
    to "develop, and revise as necessary, a checklist setting forth settings and option selections that minimize the security risks associated with each computer hardware or software system that is, or is likely to become widely used within the Federal Government."
    Such checklists, when combined with well-developed guidance, leveraged with high-quality security expertise, vendor product knowledge, operational experience, and accompanied with tools, can markedly reduce the vulnerability exposure of an organization.

  • LINUX Security.com Securing Debian HOWTO
  • Microsoft Windows 2000 Security Hardening Guide
  • Security checklist which can be used when evaluating a system to ensure that all appropriate configuration changes have been made

  • Benchmarking Tools and Configuration Analyzers
  • The Center for Internet Security's
  • mission is to help organizations around the world effectively manage the risks related to information security. CIS provides methods and tools to improve, measure, monitor, and compare the security status of your Internet-connected systems and appliances, plus those of your business partners.

     CIS is not tied to any proprietary product or service. It manages a consensus process whereby members identify security threats of greatest concern, then participate in development of practical methods to reduce the threats. This consensus process is already in use and has proved viable in creating Internet security benchmarks available for widespread adoption.

  • Microsoft Baseline Security Analyzer
  • is an easy-to-use tool designed for the IT professional that helps small and medium businesses determine their security state in accordance with Microsoft security recommendations and offers specific remediation guidance. Improve your security management process by using MBSA to detect common security misconfigurations and missing security updates on your computer systems.

  • Technical Evaluation Tools
  • Nessus Open-Source Vulnerability Scanner
  • is the world's most popular open-source vulnerability scanner used in over 75,000 organizations world-wide. Many of the world's largest organizations are realizing significant cost savings by using Nessus to audit business-critical enterprise devices and applications.
  • Nmap ("Network Mapper")
  • is a free open source utility for network exploration or security auditing. It was designed to rapidly scan large networks, although it works fine against single hosts. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics.
    Nmap runs on most types of computers and both console and graphical versions are available.
    Nmap is free software, available with full source code under the terms of the GNU GPL.

  • Wireshark Network Analyzer
  • "Sniff Free or Die"
    Wireshark's powerful features make it the tool of choice for network troubleshooting, protocol development, and education worldwide.
    Wireshark was written by an international group of networking experts, and is an example of the power of open source. It runs on Windows, Linux, UNIX, and other platforms.
    It used to be known as Ethereal, and was renamed in May 2006.

  • WHAX
  • is the natural evolution of WHoppix - a live CD, standalone penetration testing toolkit. There are some major new features in WHAX which add huge functionality compared with Whoppix.
  • Packet Storm Global Security Resource
  • offers an abundant resource of up-to-date and historical security tools, exploits, and advisories. We are a non-profit organization comprised of security professionals that are dedicated to providing the information necessary to secure the networks world-wide.
    We accomplish this goal by publishing new security information on a global network of websites.

  • Please read our Legal Notice regarding links to third-party sites
     that are not under ISACA® Las Vegas Chapter control.

  •   If you would like to add a link to your favorite Audit, IT Controls, or INFOSEC related reference to this page
     please contact:
  • info@isaca-lasvegas.org
