Systems & Process Assurance (SPA) Repository

Considering the need for a systematic repository of information, tools, techniques and case studies, this new feature is being added so that members can have a technology update on high topics using technical content already available on the World Wide Web. An effort has been made to identify good reference material on the web for ready reference and use. The endeavour is to provide a ready source of good materials for ISA Members so that they can concentrate on using information rather than searching for it.

Sarbanes Oxley – Controls Certification

IT Control Objectives for Sarbanes-Oxley

IS Audit Guidelines

Global Technology Audit Guides (GTAG)

SAC: Systems Assurance and Control

Technology Implementation - Experiences

Auditing IT Security Messes

Out of Alignment – Increased IT Spending does not lead to Increased Performance

IS Priorities and Practices – New Approaches

IT and Audit News - Cases

SPA – Tools & Resources

Tools and Resources for Information Security Management

Tools and Resources for Information Technology Management

SPA – Important Software Tools

Nessus http://www.nessus.org/ Open Source vulnerability assessment tool
Hping2 http://www.hping.org/ A network probing utility like ping on steroids. hping3 assembles and sends custom ICMP/UDP/TCP packets and displays any replies.
DSniff http://naughty.monkey.org/~dugsong/dsniff/ A suite of powerful network auditing and penetration-testing tools
GFI LANguard http://www.gfi.com/lannetscan/ A commercial network security scanner for Windows
ISS Internet Scanner http://www.iss.net/products_services/enterprise_protection/vulnerability_assessment/scanner_internet.php Application-level vulnerability assessment
SARA http://www-arc.com/sara/ Security Auditor's Research Assistant. SARA is a vulnerability assessment tool that was derived from the infamous SATAN scanner.
N-Stealth http://www.nstalker.com/nstealth/ Web server scanner. N-Stealth is a commercial web server security scanner.
Firewalk http://www.packetfactory.net/projects/firewalk/ Advanced traceroute

Some of the other topics under which this repository would be developed are: IS Audit of Banks, Network Security Audit, and CAAT/GAS Tools and their use.

Members are encouraged to contribute by sending good links for hosting to secyitc@icai.org from time to time to help us expand this repository.



COPYRIGHT @ ISA Information Services, 2003