Fundamentals of Information Risk Management Auditing, 1st edition, IT Governance Publishing

Product details:
ISBN 10: 1849288151
ISBN 13: 978-1849288156
Author: IT Governance Publishing
Protect your organisation from information security risks

For any modern business to thrive, it must assess, control and audit the risks it faces in a manner appropriate to its risk appetite. As information-based risks and threats continue to proliferate, it is essential that they are addressed as an integral component of your enterprise’s risk management strategy, not in isolation. They must be identified, documented, assessed and managed, and assigned to risk owners so that they can be mitigated and audited. Fundamentals of Information Risk Management Auditing provides insight and guidance on this practice for those considering a career in information risk management, and an introduction for non-specialists, such as those managing technical specialists.

Product overview

Fundamentals of Information Risk Management Auditing – An Introduction for Managers and Auditors has four main parts:

What is risk and why is it important? An introduction to general risk management and information risk.
Introduction to general IS and management risks: An overview of general information security controls, and controls over the operation and management of information security, plus risks and controls for the confidentiality, integrity and availability of information.
Introduction to application controls: An introduction to application controls, the controls built into systems to ensure that they process data accurately and completely.
Life as an information risk management specialist/auditor: A guide for those considering, or undergoing, a career in information risk management.

Each chapter contains an overview of the risks and controls that you may encounter when performing an audit of information risk, together with suggested mitigation approaches based on those risks and controls. Chapter summaries provide an overview of the salient points for easy reference, and case studies illustrate how those points are relevant to businesses.

The book concludes with an examination of the skills and qualifications necessary for an information risk management auditor, an overview of typical job responsibilities, and an examination of the professional and ethical standards that an information risk auditor should adhere to.

Topics covered

Fundamentals of Information Risk Management Auditing covers, among other subjects: the three lines of defence; change management; service management; disaster planning; frameworks and approaches, including Agile, COBIT® 5, CRAMM, PRINCE2®, ITIL® and PMBOK; international standards, including ISO 31000, ISO 27001, ISO 22301 and ISO 38500; the UK Government’s Cyber Essentials scheme; IT security controls; and application controls.

About the author

Christopher Wright is a qualified accountant, Certified Information Systems Auditor and Certified ScrumMaster™ with over 30 years’ experience providing financial and IT advisory and risk management services. For 16 years, he worked at KPMG, where he was head of information risk training in the UK and also ran training courses overseas, including in India and throughout mainland Europe. He managed a number of major IS audit and risk assignments, including project risk and business control reviews. He has worked in a wide range of industry sectors including oil and gas, the public sector, aviation, and travel. For the past eight years, he has been an independent consultant specialising in financial, SOX and operational controls for major ERP implementations, mainly at oil and gas/utilities enterprises. He is an international speaker and trainer on Agile audit and governance, and is the author of two other titles, also published by ITGP: Agile Governance and Audit and Reviewing IT in Due Diligence.
Table of contents:
Part I: What is risk and why is it important?
Chapter 1: Risks and controls
Overview
What is risk?
Management of risk
Risk identification and awareness
Documenting risks
Assessing and monitoring risk
Categorisation
Likelihood
Impact
Risk heat maps
Controlling risk
Summary
Chapter 2: Enterprise risk management (ERM) frameworks
Overview
What is enterprise risk management?
Strategic enterprise wide management process
Identify potential risks
Significant impact
Manage them within the entity’s risk appetite
Common ERM frameworks
COSO
The five components
ISO31000
Sarbanes-Oxley
Summary
Chapter 3: Risk management assurance and audit
Overview
Three lines of defence
First line of defence – Business unit staff and management
Second line of defence – Governance, risk and compliance
Third line of defence – Independent assurance from audit and the Board
Segregation of duties between each line
Internal vs external audit
Other forms of IT assurance
Case study
Summary
Chapter 4: Information Risks and Frameworks
Overview
What is information risk?
COBIT 5
ISO frameworks
CRAMM
Summary and key take-aways
Part II: Introduction to General IT and Management Risks
Chapter 5: Overview of General IT and Management Risks
Overview
Reviewing entity level controls in an IT context
What are general IT controls?
Case studies and examples of general IT controls
Outsourced arrangements
End user computing
Bring your own devices (BYOD)
Case studies and examples of outsourcing
Reviewing general IT controls
Summary
Chapter 6: Security and Data Privacy
Overview
Risks
Controls
Examples of IT security controls
ISO27001
Case study examples
Documenting, assessing and testing security and confidentiality controls
Summary
Chapter 7: System Development and Change Control
Introduction
Project lifecycle overview
Project lifecycle risks
Project lifecycle controls
Project lifecycle case study examples
Project lifecycle documenting, assessing and testing controls
Change management overview and risks
Change management controls
Change management case study examples
Documenting, assessing and testing controls
Summary
Chapter 8: Service Management and Disaster Planning
Introduction
Service management overview
Disaster planning
Case study examples
Summary
Part III: Introduction to Application Controls
Chapter 9: Overview of Application Controls (Integrity)
Introduction
Risks
Controls
Case study examples
Documenting, assessing and testing application controls
Summary
Further reading
Part IV: Life as an Information Risk Management Specialist
Chapter 10: Planning, Running and Reviewing Information Risk Management Assignments
Overview
Stages of a review
IRM assignment planning
Conducting an IRM review
Reviewing the audit review
Ensuring action after the review
Summary
Chapter 11: Personal Development and Qualifications
Overview
Who are IRM auditors?
Skills audit
Qualifications available
Professional and ethical standards
Sources of employment
A personal case study