Canberra Chapter Library

ISACA LIBRARY LOAN POLICY

1. Materials for the library are to be maintained and located at SAP House, Akuna St, Canberra.
2. Videos may be borrowed for a period of one week
3. Books may be borrowed for a period of two weeks
4. A $10 deposit is required on all borrowings from the library and is to be refundable upon the return of the materials within the borrowing period.
5. The borrower may extend the period of the loan by telephoning The Librarian. Should the materials be reserved by another person the extension cannot be granted.
6. Current financial members of the ISACA and members of other bodies as approved by the board can borrow materials from the library.
7. All materials purchased by the ISACA for the library will be uniquely marked with the ISACA library stamp.
8. A list of current financial members will be maintained at the library to ensure the library materials are available to members are approved organisations.

The Board welcomes any additional suggestions for inclusion into the library.

Introductory

Title	Author
Auditing Computer Programs	Audit Guide Series
Auditing Hardware and Software Contracts	Audit Guide Series
Auditing Data Systems	Audit Guide Series
Auditing Information Systems - A Step by Step Approach	Audit Guide Series
Auditing the Small Business Computer	Audit Guide Series
EDP Working Papers	Audit Guide Series
Planning EDP Audits	Audit Guide Series
Selecting EDP Audit Areas	Audit Guide Series

Security

Title	Author
Firewalls and Internet Security - Repelling the Wily Hacker	Cheswick & Bellovin
Building Internet Firewalls	Chapman & Zwicky, 1995
Practical Unix Security	Garfinkel & Spafford
Network Security	Fred Simonds, 1996
E-mail Security	Bruce Schneider, 1995
Security in Information Technolgy: Guidelines for Agencies	Information Exchange Steering Committee
The Orange Book or Trusted Computer System Evaluation Criteria (TCSEC)
Trusted Network Interpretation of TCSEC	Orange Book Series
Trusted UNIX Working Group (TRUSIX) Rationale for Selecting Control List Features for the UNIX System	Orange Book Series
Password Management Guide	Orange Book Series
Guidance for Applying TCSEC in Specific Environments	Orange Book Series
Guidelines for Formal Verification Systems	Orange Book Series
Guidance for Applying Trusted Computer Security Evaluation Criteria	Orange Book Series
Guide to Understanding Discretionary Access Controls	Orange Book Series
Guide to Understanding Configuration Management	Orange Book Series
Guide to Understanding Audit in Trusted Systems	Orange Book Series
Computer Security Subsystem Interpretation	Orange Book Series
A Guide to Understanding Design Documentation	Orange Book Series
Glossary of Computer Security Terms	Orange Book Series
A Guide to Understanding Trusted Distribution	Orange Book Series
Rating Maintenance Phase	Orange Book Series
Guide to Understanding Trusted Facilities Management	Orange Book Series
Trusted Product Evaluation Questionnaire	Orange Book Series

Perspective Series

Title	Author
Introduction to Telecommunications
Applications Audits
Introductory Guide to System Management Facilities

Monograph Series

Title	Author
Advanced Computer Assisted Audit Techniques
A Guide to the Audit/Review of CA-IDMS/R Security
Auditing Expert Systems
Guide to SYS1.PARMLIB
DB2 Technical Audit Guide
Security and Control in an Oracle Environment
EDI: An Audit Approach

Ernst& Young Technical Reference Series

Title	Author
Audit, Control and Security of CA-LIBRARIAN
Audit, Control and Security of CA-PANVALET
Audit, Control and Security of CICS Environments
Audit, Control and Security of CA-Top Secret
Audit, Control and Security of CA-ACF2 Environments
Audit, Control and Security of RACF Environments
Audit, Control and Security of IBM AS 400 Environments
Audit, Control and Security of Tandem Non-stop systems
Audit, Control and Security of the DEC VAX/VMS
Audit, Control and Security of the HP 3000
Audit, Control and Security of Unix Operating System
Audit, Control and Security of SAP/R3
Audit, Control and Security of SAP R/2
Audit, Control and Security of the AIX Operating System

General Texts

Title	Author
Computer Audit, Control and Security	Robert R Moeller
Computer Auditing (3rd Edition)	Andrew D Chambers & John M Court
Computerised Information Systems (CIS) Audit Manual A Guideline to CIS Auditing in Governmental Organisations
Control Objectives Controls in An Information Systems Environment: Controls Guidelines and Audit Procedures
Handbook of EDP Auditing (2nd Edition) + 1994 Cumulative Supplement	Murphy & Parker
Information Systems Strategic Planning	Computer Technology Research Corp, 1994
Internet for Windows	Glyn Moody, 1996
Systems Auditability and Control Manuals (SAC)

Applications/SDLC

Title	Author
A Standard for Auditing Computer Applications: Computer Related Audits and Postimplementation Reviews
An Application in EDP Systems Development	William E Perry
Auditing Operational Application Systems on Large Computers - A Step by Step Audit Approach
Integrity Analysis: A Methodology For EDP Audit and Data Quality Assurance	Maija Svanks

Product Reviews

Title	Author
Audit and Control of MVS	V Lee Conyers
OS/2 2.x vs Windows NT	Computer Technology Research Corporation
Windows NT 3.5 - Guidelines for Security, Audit and Control	:

EDI

Title	Author
Electronic Data Interchange - Streamlining Business Communications	Computer Technology Research Corporation
EDI For Managers and Auditors (2nd Edition)

Standards

Title	Author
The AS9000 Quality Collection
AS 3563.1 & AS 3563.2
Internal Auditor: Journal of the Institute of Internal Auditors 1991 - 1995 (with 5 year index)
Framework and Strategies for Information Technology in the Commonwealth of Australia (Dec 1995)	OGIT

Videos

Title
Whose Idea Was It Anyway?
Data Security - The Facts
Data Insecurity
Computer Risk
The Vulnerable Computer System