Skip to Main Content
Important information: All physical goods sent to the EU will be liable for local tax payments. Read more
Books Asset Management & Auditing Fundamentals of Information Security Risk Management Auditing
Fundamentals of Information Security Risk Management Auditing

Fundamentals of Information Security Risk Management Auditing - An introduction for managers and auditors

Christopher Wright (Author)

Details

SKU: 4758
Format: Softcover
ISBN13: 9781849288156
BIC: COMPUTER SECURITY, COMPUTING & INFORMATION TECHNOLOGY
BISAC: COMPUTERS / Security / General, COMPUTERS / General
Pages: 170
Published: 12 Apr 2016
Availability: In Stock

Buying option(s)

Description

This book will be particularly useful for anyone involved in the audit of information security and risk in all organizations that have related issues and concerns. It provides practical approaches to address information risk auditing, even for those with limited technical knowledge. This approach provides understandable examples, which will help readers to consider different aspects, methods and technical options when auditing information security and risk.
Antonio Velasco, CEO of Sinersys Technologies

For any modern business to thrive, it must assess, control and audit the risks it faces in a manner appropriate to its risk appetite. As information-based risks and threats continue to proliferate, it is essential that they are addressed as an integral component of your enterprise’s risk management strategy, not in isolation. They must be identified, documented, assessed and managed, and assigned to risk owners so that they can be mitigated and audited.

Fundamentals of Information Risk Management Auditing provides insight and guidance on this practice for those considering a career in information risk management, and an introduction for non-specialists, such as those managing technical specialists.

Each chapter contains an overview of the risks and controls that you may encounter when performing an audit of information risk, together with suggested mitigation approaches based on those risks and controls. Chapter summaries provide an overview of the salient points for easy reference, and case studies illustrate how those points are relevant to businesses.

The book concludes with an examination of the skills and qualifications necessary for an information risk management auditor, an overview of typical job responsibilities, and an examination of the professional and ethical standards that an information risk auditor should adhere to.

 

Kick-start your career in information risk management with this introductory guide - buy your copy today. 

Authors

About the author

Chris Wright is a qualified accountant and Certified Information Systems Auditor (CISA) with over 30 years’ experience providing financial and IT advisory and risk management services. He worked for 16 years at KPMG, where he managed a number of IT due diligence reviews and was head of information risk training in the UK. He has also worked in a wide range of industry sectors including oil and gas, small and medium enterprises, public sector, aviation and travel. 

Reviews

Customer Reviews

(Only registered customers can rate)
Table of contents

Part I: What is risk and why is it important?. 

1: Risks and controls

2: Enterprise risk management (ERM) frameworks

3: Risk management assurance and audit

4: Information Risks and Frameworks

Part II: Introduction to General IT and Management Risks

5: Overview of General IT and Management Risks

6: Security and Data Privacy

7: System Development and Change Control

8: Service Management and Disaster Planning

Part III: Introduction to Application Controls

9: Overview of Application Controls (Integrity)

Part IV: Life as an Information Risk Management Specialist

10: Planning, Running and Reviewing Information Risk Management Assignments

11: Personal Development and Qualifications

Loading...