Fundamentals of Information Security Risk Management Auditing : An Introduction for Managers and Auditors.

Author/Creator:
Wright, Christopher.
Publication:
Ely : IT Governance Ltd, 2016.
Format/Description:
Book
1 online resource (161 pages)
Series:
Fundamentals Ser.
Fundamentals Ser. ; v.6
Subjects:
Risk management.
Form/Genre:
Electronic books.
Summary:
An introductory guide to information risk management auditing, giving an interesting and useful insight into the risks and controls/mitigations that you may encounter when performing or managing an audit of information risk. Case studies and chapter summaries impart expert guidance.
Contents:
Cover
Title
Copyright
Contents
Part I: What is risk and why is it important?
Chapter 1: Risks and controls
Overview
What is risk?
Management of risk
Risk identification and awareness
Documenting risks
Assessing and monitoring risk
Categorisation
Likelihood
Impact
Risk heat maps
Controlling risk
Summary
Chapter 2: Enterprise risk management (ERM) frameworks
Overview
What is enterprise risk management?
Strategic enterprise wide management process
Identify potential risks
Significant impact
Manage them within the entity's risk appetite
Common ERM frameworks
COSO
The five components
ISO31000
Sarbanes-Oxley
Summary
Chapter 3: Risk management assurance and audit
Overview
Three lines of defence
First line of defence - Business unit staff and management
Second line of defence - Governance, risk and compliance
Third line of defence - Independent assurance from audit and the Board
Segregation of duties between each line
Internal vs external audit
Other forms of IT assurance
Case study
Summary
Chapter 4: Information Risks and Frameworks
Overview
What is information risk?
COBIT 5
ISO frameworks
CRAMM
Summary and key take-aways
Part II: Introduction to General IT and Management Risks
Chapter 5: Overview of General IT and Management Risks
Overview
Reviewing entity level controls in an IT context
What are general IT controls?
Case studies and examples of general IT controls
Outsourced arrangements
End user computing
Bring your own devices (BYOD)
Case studies and examples of outsourcing
Reviewing general IT controls
Summary
Chapter 6: Security and Data Privacy
Overview
Risks
Controls
Examples of IT security controls
ISO27001
Case study examples
Documenting, assessing and testing security and confidentiality controls
Summary
Chapter 7: System Development and Change Control
Introduction
Project lifecycle overview
Project lifecycle risks
Project lifecycle controls
Project lifecycle case study examples
Project lifecycle documenting, assessing and testing controls
Change management overview and risks
Change management controls
Change management case study examples
Documenting, assessing and testing controls
Summary
Chapter 8: Service Management and Disaster Planning
Introduction
Service management overview
Disaster planning
Case study examples
Summary
Part III: Introduction to Application Controls
Chapter 9: Overview of Application Controls (Integrity)
Introduction
Risks
Controls
Case study examples
Documenting, assessing and testing application controls
Summary
Further reading
Part IV: Life as an Information Risk Management Specialist
Chapter 10: Planning, Running and Reviewing Information Risk Management Assignments
Overview
Stages of a review
IRM assignment planning
Conducting an IRM review
Reviewing the audit review
Ensuring action after the review
Summary
Chapter 11: Personal Development and Qualifications
Overview
Who are IRM auditors?
Skills audit
Qualifications available
Professional and ethical standards
Sources of employment
A personal case study
Summary
Further Reading and Resources
ITG Resources.
Notes:
Description based on publisher supplied metadata and other sources.
Local notes:
Electronic reproduction. Ann Arbor, Michigan : ProQuest Ebook Central, 2021. Available via World Wide Web. Access may be limited to ProQuest Ebook Central affiliated libraries.
Other format:
Print version: Wright, Christopher Fundamentals of Information Security Risk Management Auditing
ISBN:
9781849288163
9781849288156
OCLC:
949883744