Identifying security gaps in an organisation’s information systems is a first and vital step in protecting data and information. This is what makes the role of an information security (or assurance) auditor so important. However, this is a role that is often maligned as a ‘check list monkey’ who adds nothing to the business. This practical book confronts this stereotype and gives an excellent introduction to the role, covering areas such as purpose, required skills, responsibilities, interface and career progression as well as tools, standards and frameworks related to the role. Based on the author’s extensive experience, it gives practical guidance to those new to the role or interested in developing a better understanding of what it entails.