Book description
An introductory guide to information risk management auditing, giving an interesting and useful insight into the risks and controls/mitigations that you may encounter when performing or managing an audit of information risk. Case studies and chapter summaries impart expert guidance to provide the best grounding in information risk available for risk managers and non-specialists alike.
Table of contents
- Cover
- Title
- Copyright
- Contents
- Part I: What is risk and why is it important?
  - Chapter 1: Risks and controls
  - Chapter 2: Enterprise risk management (ERM) frameworks
  - Chapter 3: Risk management assurance and audit
    - Overview
    - Three lines of defence
    - First line of defence – Business unit staff and management
    - Second line of defence – Governance, risk and compliance
    - Third line of defence – Independent assurance from audit and the Board
    - Segregation of duties between each line
    - Internal vs external audit
    - Other forms of IT assurance
    - Case study
    - Summary
  - Chapter 4: Information Risks and Frameworks
- Part II: Introduction to General IT and Management Risks
  - Chapter 5: Overview of General IT and Management Risks
  - Chapter 6: Security and Data Privacy
  - Chapter 7: System Development and Change Control
    - Introduction
    - Project lifecycle overview
    - Project lifecycle risks
    - Project lifecycle controls
    - Project lifecycle case study examples
    - Project lifecycle documenting, assessing and testing controls
    - Change management overview and risks
    - Change management controls
    - Change management case study examples
    - Documenting, assessing and testing controls
    - Summary
  - Chapter 8: Service Management and Disaster Planning
- Part III: Introduction to Application Controls
- Part IV: Life as an Information Risk Management Specialist
- Further Reading and Resources
- ITG Resources
Product information
- Title: Fundamentals of Information Risk Management Auditing: An introduction for managers and auditors
- Author(s):
- Release date: April 2016
- Publisher(s): IT Governance Publishing
- ISBN: 9781849288170