The international information security experts IT Governance have added a new title to their catalogue:
Fundamentals of Information Risk Management Auditing by Christopher Wright.
In a world of proliferating information-based risks and threats, modern businesses can only thrive by assessing, controlling and auditing the risks they face in a manner appropriate to their risk appetite.
Risks must be identified, documented, assessed and managed, and assigned to risk owners so that they can be mitigated and audited.
Fundamentals of Information Risk Management Auditing provides insight and guidance on this practice for those considering a career in information risk management, and an introduction for non-specialists, such as those managing technical specialists.
Chapter summaries provide an overview of the salient points for easy reference, and case studies illustrate how those points are relevant to businesses.
The book concludes with an examination of the skills and qualifications necessary for an information risk management auditor, an overview of typical job responsibilities, and an examination of the professional and ethical standards that an information risk auditor should adhere to.
Topics covered include the three lines of defence; change management; service management; disaster planning; frameworks and approaches, including Agile, COBIT
®5, CRAMM, PRINCE2
®, ITIL
® and PMBOK; international standards, including ISO 31000, ISO 27001, ISO 22301 and ISO 38500; the UK Government's Cyber Essentials scheme; IT security controls; and application controls.
Reader review
“This book will be particularly useful for anyone involved in the audit of information security and risk in all organizations that have related issues and concerns. It provides practical approaches to address information risk auditing, even for those with limited technical knowledge.”
– Antonio Velasco, CEO of Sinersys Technologies
Fundamentals of Information Risk Management Auditing is available from IT Governance in various formats (including softcover, Adobe eBook, Kindle and ePub):
http://www.itgovernance.co.uk/shop/p-1814-fundamentals-of-information-risk-management-auditing.aspx/?utm_source=media&utm_medium=pr (UK)
http://www.itgovernanceusa.com/shop/p-1537-fundamentals-of-information-risk-management-auditing.aspx/?utm_source=media&utm_medium=pr (USA)
http://www.itgovernance.eu/p-1185-fundamentals-of-information-risk-management-auditing.aspx/?utm_source=media&utm_medium=pr (EU)
http://www.itgovernance.asia/p-1082-fundamentals-of-information-risk-management-auditing.aspx/?utm_source=media&utm_medium=pr (APAC)
http://www.itgovernance.in/p-1074-fundamentals-of-information-risk-management-auditing.aspx/?utm_source=media&utm_medium=pr (India and South Asia)
http://www.itgovernancesa.co.za/p-1044-fundamentals-of-information-risk-management-auditing.aspx/?utm_source=media&utm_medium=pr (Southern Africa)
Fundamentals of Information Risk Management Auditing is part of the
Fundamentals Series, co-published by IT Governance Publishing and Information Security Buzz.
Christopher Wright's two other titles,
Agile Governance and Audit and
Reviewing IT in Due Diligence, are also published by IT Governance Publishing.