Chapter 16

Assurance Management

Not only does an organisation need to plan and execute an appropriate information security programme, but the senior management team also needs to have a means by which it can check that this is so – to provide assurance that all is well in this respect. This chapter examines the various aspects of providing such assurance.

In this chapter you will learn about:

  • The broad meaning of the term ‘assurance’;
  • Setting up and managing an enterprise-wide audit framework for assuring the information security management processes;
  • How to use international standards as the basis for an enterprise-wide audit framework and for certifying auditors;
  • Technical auditing of information systems to provide assurance of their correctness ...
