ISACA today introduced ITAF: A Professional Practices Framework for IT Assurance targeting the IT Auditing and Assurance professionals. The official release states:

ITAF^TM consists of compliance and good practice setting guidance:

• Provides guidance on the design, conduct and reporting of IT audit and assurance assignments
• Defines terms and concepts specific to IT assurance
• Establishes standards that address IT audit and assurance professional roles and responsibilities, knowledge, skills and diligence, conduct, and reporting requirements

Figure 1: The ITAF Structure

More info here

Assessing security posture of network devices like routers and firewalls can become a nightmare when a security practitioner is faced with tens of devices with hundreds (sometimes thousands) of lines of configuration data to go through. Manually going through the entire configuration data may not always be the right course of action especially when faced with tight deadlines.

There is help available and it comes in the form of automation tools that can make our life easier. I will discuss a couple of tools that I have worked with and how they can support in auditing and vulnerability assessment activities. (more…)