I would like to thank Jones & Bartlett Learning for the opportunity to write this book and be a part of the Information Systems Security & Assurance Series project. I offer my deep appreciation to Kim Lindros, who did an excellent job coordinating this book despite many challenges. Her guidance, patience, and support were instrumental to its success. A special thank-you goes to Mike Chapple, whose experience and debate on risk topics was helpful. His thought-provoking challenges were much appreciated. Thanks also to Mark Merkow and Darril Gibson for contributing chapters to this book.

I would also like to thank the staff and volunteers at ISACA, who dedicate themselves to providing global thought leadership to help define best practices ...