book

Fundamentals of Information Risk Management Auditing: An introduction for managers and auditors

Name: Fundamentals of Information Risk Management Auditing: An introduction for managers and auditors
Author: Christopher Wright
ISBN: 9781849288170

by Christopher Wright

April 2016

Beginner

161 pages

2h 31m

English

IT Governance Publishing

Read now

Unlock full access

Cover
Title
Copyright
Contents
Part I: What is risk and why is it important?
Chapter 1: Risks and controls
OverviewWhat is risk?Management of riskRisk identification and awarenessDocumenting risksAssessing and monitoring riskCategorisationLikelihoodImpactRisk heat mapsControlling riskSummary
Chapter 2: Enterprise risk management (ERM) frameworks
OverviewWhat is enterprise risk management?Strategic enterprise wide management processIdentify potential risksSignificant impactManage them within the entity’s risk appetiteCommon ERM frameworksCOSOThe five componentsISO31000Sarbanes-OxleySummary
Chapter 3: Risk management assurance and audit
OverviewThree lines of defenceFirst line of defence – Business unit staff and managementSecond line of defence – Governance, risk and complianceThird line of defence – Independent assurance from audit and the BoardSegregation of duties between each lineInternal vs external auditOther forms of IT assuranceCase studySummary
Chapter 4: Information Risks and Frameworks
OverviewWhat is information risk?COBIT 5ISO frameworksCRAMMSummary and key take-aways
Part II: Introduction to General IT and Management Risks

Chapter 5: Overview of General IT and Management Risks
OverviewReviewing entity level controls in an IT contextWhat are general IT controls?Case studies and examples of general IT controlsOutsourced arrangementsEnd user computingBring your own devices (BYOD)Case studies and examples of outsourcingReviewing general IT controlsSummary
Chapter 6: Security and Data Privacy
OverviewRisksControlsExamples of IT security controlsISO27001Case study examplesDocumenting, assessing and testing security and confidentiality controlsSummary
Chapter 7: System Development and Change Control
IntroductionProject lifecycle overviewProject lifecycle risksProject lifecycle controlsProject lifecycle case study examplesProject lifecycle documenting, assessing and testing controlsChange management overview and risksChange management controlsChange management case study examplesDocumenting, assessing and testing controlsSummary
Chapter 8: Service Management and Disaster Planning
IntroductionService management overviewDisaster planningCase study examplesSummary
Part III: Introduction to Application Controls
Chapter 9: Overview of Application Controls (Integrity)
IntroductionRisksControlsCase study examplesDocumenting, assessing and testing application controlsSummaryFurther reading
Part IV: Life as an Information Risk Management Specialist
Chapter 10: Planning, Running and Reviewing Information Risk Management Assignments
OverviewStages of a reviewIRM assignment planningConducting an IRM reviewReviewing the audit reviewEnsuring action after the reviewSummary
Chapter 11: Personal Development and Qualifications
OverviewWho are IRM auditors?Skills auditQualifications availableProfessional and ethical standardsSources of employmentA personal case studySummary
Further Reading and Resources
ITG Resources

Content preview from Fundamentals of Information Risk Management Auditing: An introduction for managers and auditors

CHAPTER 4: INFORMATION RISKS AND FRAMEWORKS

Overview

So far we have considered the nature of risk and how it impacts organisations. As information is a key asset of an organisation, a significant area of investment, and one with specific risk implications, it should be high on the agenda of most organisations. Much mystique has arisen around IT assurance because of its technical nature – however, the basic principles are the same as for any other risk impacting the entity. In this chapter we will consider:

• What is information risk?

• The frameworks to help analyse and manage risk:

COBIT 5

ISO standards

CRAMM.

• Summary

Management ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.

Julian F.

Head of Cybersecurity

I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.

Addison B.

Field Engineer

I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.

Amir M.

Data Platform Tech Lead

I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.

Mark W.

Embedded Software Engineer

Information Risk Management, 2nd Edition

Publisher Resources

ISBN: 9781849288170

Cloud Computing

Data Engineering

Data Science

AI & ML

Programming Languages

Software Architecture

IT/Ops

Security

Design

Business

Soft Skills

Fundamentals of Information Risk Management Auditing: An introduction for managers and auditors

by Christopher Wright

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.