Not only does an organisation need to plan and execute an appropriate information security programme, but the senior management team also needs to have a means by which it can check that this is so – to provide assurance that all is well in this respect. This chapter examines the various aspects of providing such assurance.
In this chapter you will learn about:
- The broad meaning of the term ‘assurance’;
- Setting up and managing an enterprise-wide audit framework for assuring the information security management processes;
- How to use international standards as the basis for an enterprise-wide audit framework and for certifying auditors;
- Technical auditing of information systems to provide assurance of their correctness ...