Fundamentals of Information Security Risk Management Auditing : An introduction for managers and auditors PDF

by Christopher Wright

Part of the Fundamentals Series series

PDF

Download - Immediately Available

Please note: eBooks can only be purchased with a UK issued credit card and all our eBooks (ePub and PDF) are DRM protected.

Description

For any modern business to thrive, it must assess, control and audit the risks it faces in a manner appropriate to its risk appetite. As information-based risks and threats continue to proliferate, it is essential that they are addressed as an integral component of your enterprise's risk management strategy, not in isolation. They must be identified, documented, assessed and managed, and assigned to risk owners so that they can be mitigated and audited.

Fundamentals of Information Risk Management AuditingÂ provides insight and guidance on this practice for those considering a career in information risk management, and an introduction for non-specialists, such as those managing technical specialists.

Product overview

Fundamentals of Information Risk Management Auditing â€“ An Introduction for Managers and AuditorsÂ has four main parts:

What is risk and why is it important?
An introduction to general risk management and information risk.
Introduction to general IS and management risks
An overview of general information security controls, and controls over the operation and management of information security, plus risks and controls for the confidentiality, integrity and availability of information.
Introduction to application controls
An introduction to application controls, the controls built into systems to ensure that they process data accurately and completely.
Life as an information risk management specialist/auditor
A guide for those considering, or undergoing, a career in information risk management.

Each chapter contains an overview of the risks and controls that you may encounter when performing an audit of information risk, together with suggested mitigation approaches based on those risks and controls.

Chapter summaries provide an overview of the salient points for easy reference, and case studies illustrate how those points are relevant to businesses.

The book concludes with an examination of the skills and qualifications necessary for an information risk management auditor, an overview of typical job responsibilities, and an examination of the professional and ethical standards that an information risk auditor should adhere to.

Topics covered

Fundamentals of Information Risk Management AuditingÂ covers, among other subjects, the three lines of defence; change management; service management; disaster planning; frameworks and approaches, including Agile, COBITÂ®5, CRAMM, PRINCE2Â®, ITILÂ® and PMBOK; international standards, including ISO 31000, ISO 27001, ISO 22301 and ISO 38500; the UK Government's Cyber Essentials scheme; IT security controls; and application controls.

Part I: What is risk and why is it important?

Chapter 1: Risks and controls

Chapter 2: Enterprise risk management (ERM) frameworks

Chapter 3: Risk management assurance and audit

Chapter 4: Information risks and frameworks

Part II: Introduction to general IT and management risks

Chapter 5: Overview of general IT and management risks

Chapter 6: Security and data privacy

Chapter 7: System development and change control

Chapter 8: Service management and disaster planning

Part III: Introduction to Application controls

Chapter 9: Overview of application controls (Integrity)

Part IV: Life as an Information Risk Management specialist

Chapter 10: Planning, running and reviewing information risk management assignments

Chapter 11: Personal development and qualifications

About the author

Christopher Wright is a qualified accountant, Certified Information Systems Auditor and Certified ScrumMasterâ„¢ with over 30 yearsâ€™ experience providing financial and IT advisory and risk management services. For 16 years, he worked at KPMG, where he was head of information risk training in the UK and also ran training courses overseas, including in India and throughout mainland Europe. He managed a number of major IS audit and risk assignments, including project risk and business control reviews. He has worked in a wide range of industry sectors including oil and gas, the public sector, aviation, and travel. For the past eight years, he has been an independent consultant specialising in financial, SOX and operational controls for major ERP implementations, mainly at oil and gas/utilities enterprises.

He is an international speaker and trainer on Agile audit and governance, and is the author of two other titles, also published by ITGP:Â Agile Governance and AuditÂ andÂ Reviewing IT in Due Diligence.

Fundamentals series

Fundamentals of Information Risk Management AuditingÂ is part of theÂ Fundamentals Series, co-published by IT Governance Publishing and Information Security Buzz.

Buy Fundamentals of Information Risk Management Auditing now.