Information Security Auditing

1. [Ch 1, Hands-on Projects, no. 3] Look up the PCI-DSS control objectives on the Internet. Give the URL. Which ones did TJX violate? Justify your list.

2. [Ch 1, Thought Questions, no. 4] Addamark Technologies found that its Web servers had been accessed without authorization by an employee of competitor ArcSight. [See Addamark Technologies, "Even Security Firms at Risk for Break In," E-week, February 17, 2003.] ArcSight's vice president for marketing dismissed the hacking, saying, "It's simply a screen that asked for a username and password. The employee didn't feel like he did anything illicit." The VP went on to say the employee would not be disciplined. Comment on the ArcSight VP's defense.

3. [Ch 1, Thought Questions, no. 5] Give three examples of social engineering not listed in the text.

4. [Ch 2, Thought Questions, no. 2] Chapter 2 discussed three ways to view the IT security function: as a police force, as a military organization, and as a loving mother. Name another view and describe why it is good.

5. Provide definitions for each of the following terms and indicate any negative (or positive) experiences you have had with them: viruses, spyware, spam and spim, botnets, phishing, cookies, worms, Trojan horses.

6. Explain what information security auditing is and describe any exposure to or experience with it that you have had.

Sample Solution