
Fundamentals of information risk management auditing : an introduction for managers and auditors /

Providing insight into information risk management auditing for those considering a career in information risk management, and an introduction for non-specialists, such as those managing technical specialists, this book discusses the risks and controls that you may encounter when performing an audit...


Bibliographic Details
Classification: Electronic book
Main author: Wright, Christopher (Accountant) (Author)
Format: Electronic eBook
Language: English
Published: Ely, Cambridgeshire, United Kingdom : IT Governance Publishing, 2016.
Series: Fundamentals of educational planning.
Subjects:
Online access: Full text
Table of Contents:
  • Cover; Title; Copyright; Contents
  • Part I: What is risk and why is it important?
  • Chapter 1: Risks and controls: Overview; What is risk?; Management of risk; Risk identification and awareness; Documenting risks; Assessing and monitoring risk; Categorisation; Likelihood; Impact; Risk heat maps; Controlling risk; Summary
  • Chapter 2: Enterprise risk management (ERM) frameworks: Overview; What is enterprise risk management?; Strategic enterprise-wide management process; Identify potential risks; Significant impact; Manage them within the entity's risk appetite; Common ERM frameworks; COSO; The five components; ISO 31000; Sarbanes-Oxley; Summary
  • Chapter 3: Risk management assurance and audit: Overview; Three lines of defence; First line of defence: business unit staff and management; Second line of defence: governance, risk and compliance; Third line of defence: independent assurance from audit and the Board; Segregation of duties between each line; Internal vs external audit; Other forms of IT assurance; Case study; Summary
  • Chapter 4: Information Risks and Frameworks: Overview; What is information risk?; COBIT 5; ISO frameworks; CRAMM; Summary and key take-aways
  • Part II: Introduction to General IT and Management Risks
  • Chapter 5: Overview of General IT and Management Risks: Overview; Reviewing entity level controls in an IT context; What are general IT controls?; Case studies and examples of general IT controls; Outsourced arrangements; End user computing; Bring your own devices (BYOD); Case studies and examples of outsourcing; Reviewing general IT controls; Summary
  • Chapter 6: Security and Data Privacy: Overview; Risks; Controls; Examples of IT security controls; ISO 27001; Case study examples; Documenting, assessing and testing security and confidentiality controls; Summary
  • Chapter 7: System Development and Change Control: Introduction; Project lifecycle overview; Project lifecycle risks; Project lifecycle controls; Project lifecycle case study examples; Project lifecycle documenting, assessing and testing controls; Change management overview and risks; Change management controls; Change management case study examples; Documenting, assessing and testing controls; Summary
  • Chapter 8: Service Management and Disaster Planning: Introduction; Service management overview; Disaster planning; Case study examples; Summary
  • Part III: Introduction to Application Controls
  • Chapter 9: Overview of Application Controls (Integrity): Introduction; Risks; Controls; Case study examples; Documenting, assessing and testing application controls; Summary; Further reading
  • Part IV: Life as an Information Risk Management Specialist
  • Chapter 10: Planning, Running and Reviewing Information Risk Management Assignments: Overview; Stages of a review; IRM assignment planning; Conducting an IRM review; Reviewing the audit review; Ensuring action after the review; Summary