About
Veteran cybersecurity practitioner committed to applying my in-depth professional…
Articles by Chris
-
Reposting. Because it's hard. PCI DSS to SP 800-53r5
By Chris Davis
-
Security & Compliance in a Multi-Cloud World
By Chris Davis
Contributions
Activity
-
BREAKING: NIST has released three self-guided online introductory courses on the SP 800-53 security and privacy control catalog, the SP…
Liked by Chris Davis
Experience
Education
Licenses & Certifications
Publications
-
IT Auditing: Using Controls to Protect Information Assets
McGraw-Hill
This comprehensive guide describes how to assemble an effective IT audit team and maximize the value of the IT audit function. In-depth details on performing specific audits are accompanied by real-world examples, ready-to-use checklists, and valuable templates. Standards, frameworks, regulations, and risk management techniques are also covered in this definitive resource.
Build and maintain an internal IT audit function with maximum effectiveness and value
Audit entity-level controls, data centers, and disaster recovery
Examine switches, routers, and firewalls
Evaluate Windows, UNIX, and Linux operating systems
Audit Web servers and applications
Analyze databases and storage solutions
Assess WLAN and mobile devices
Audit virtualized environments
Evaluate risks associated with cloud computing and outsourced operations
Drill down into applications to find potential control weaknesses
Use standards and frameworks, such as COBIT, ITIL, and ISO
Understand regulations, including Sarbanes-Oxley, HIPAA, and PCI
Implement proven risk management practices
-
IT Auditing: Using Controls to Protect Information Assets, 2nd Ed.
McGraw-Hill/Osborne
Fully updated to cover leading-edge tools and technologies, IT Auditing: Using Controls to Protect Information Assets, Second Edition, explains, step by step, how to implement a successful, enterprise-wide IT audit program. New chapters on auditing cloud computing, outsourced operations, virtualization, and storage are included. This comprehensive guide describes how to assemble an effective IT audit team and maximize the value of the IT audit function. In-depth details on performing specific audits are accompanied by real-world examples, ready-to-use checklists, and valuable templates. Standards, frameworks, regulations, and risk management techniques are also covered in this definitive resource.
-
Additional Publications
-
Primary Author
• IT Auditing: Using Controls to Protect Information Assets, 2nd Ed. (McGraw-Hill/Osborne, 2011)
• Hacking Exposed: Computer Forensics, 2nd Ed. (McGraw-Hill/Osborne, 2009)
• IT Auditing: Using Controls to Protect Information Assets (McGraw-Hill/Osborne, 2007)
• Anti-Hacker Tool Kit, 3rd Ed. (McGraw-Hill/Osborne, 2006)
• Hacking Exposed: Computer Forensics (McGraw-Hill/Osborne, 2005)
Contributing Author
• Computer Security Handbook, 5th Ed. (John Wiley & Sons Inc, 2009)
• Digital Crime and Forensic Science in Cyberspace (IDEA Publishing, 2006)
• SANS Securing Windows 2000 Step-by-Step (SANS, 2001)
White Papers, etc.,
Patents
-
Methods, Systems, and Computer Readable Mediums for Providing Supply Chain Validation
US 9,449,171
Methods, systems, and computer readable mediums for providing supply chain validation are disclosed. According to one exemplary embodiment, a method for validating a computing system comprises receiving, from a source entity and via an out of band delivery, validation information for validating the computing system, wherein the validation information is derived from one or more components of the computing system. The method also includes determining, using the validation information and reference information associated with the computing system, whether a configuration of the computing system has been modified and, in response to determining that the configuration of the computing system has been modified, generating information about a system modification.
-
Patent submissions for supply chain validation, application centric compliance, and processes for eliminating default credentials.
US
Recommendations received
-
LinkedIn User
17 people have recommended Chris