Protect your organisation from information security risks

For any modern business to thrive, it must assess, control and audit the risks it faces in a manner appropriate to its risk appetite. As information-based risks and threats continue to proliferate, it is essential that they are addressed as an integral component of your enterprise's risk management strategy, not in isolation. They must be identified, documented, assessed and managed, and assigned to risk owners so that they can be mitigated and audited.

Fundamentals of Information Risk Management Auditing provides insight and guidance on this practice for those considering a career in information risk management, and an introduction for non-specialists, such as those managing technical specialists.

Product overview

Fundamentals of Information Risk Management Auditing - An Introduction for Managers and Auditors has four main parts:

1. What is risk and why is it important? An introduction to general risk management and information risk.
2. Introduction to general IS and management risks. An overview of general information security controls, and controls over the operation and management of information security, plus risks and controls for the confidentiality, integrity and availability of information.
3. Introduction to application controls. An introduction to application controls, the controls built into systems to ensure that they process data accurately and completely.
4. Life as an information risk management specialist/auditor. A guide for those considering, or undergoing, a career in information risk management.

Each chapter contains an overview of the risks and controls that you may encounter when performing an audit of information risk, together with suggested mitigation approaches based on those risks and controls. Chapter summaries provide an overview of the salient points for easy reference, and case studies illustrate how those points are relevant to businesses.

The book concludes with an examination of the skills and qualifications necessary for an information risk management auditor, an overview of typical job responsibilities, and an examination of the professional and ethical standards that an information risk auditor should adhere to.

Topics covered

Fundamentals of Information Risk Management Auditing covers, among other subjects: the three lines of defence; change management; service management; disaster planning; frameworks and approaches, including Agile, COBIT® 5, CRAMM, PRINCE2®, ITIL® and PMBOK; international standards, including ISO 31000, ISO 27001, ISO 22301 and ISO 38500; the UK Government's Cyber Essentials scheme; IT security controls; and application controls.

About the author

Christopher Wright is a qualified accountant, Certified Information Systems Auditor and Certified ScrumMaster™ with over 30 years' experience providing financial and IT advisory and risk management services. For 16 years, he worked at KPMG, where he was head of information risk training in the UK and also ran training courses overseas, including in India and throughout mainland Europe. He managed a number of major IS audit and risk assignments, including project risk and business control reviews. He has worked in a wide range of industry sectors including oil and gas, the public sector, aviation, and travel.

For the past eight years, he has been an independent consultant specialising in financial, SOX and operational controls for major ERP implementations, mainly at oil and gas/utilities enterprises. He is an international speaker and trainer on Agile audit and governance, and is the author of two other titles, also published by ITGP: Agile Governance and Audit and Reviewing IT in Due Diligence.