Skip to Main Content
IT Auditing Using Controls to Protect Information Assets, 2nd Edition, 2nd Edition
book

IT Auditing Using Controls to Protect Information Assets, 2nd Edition, 2nd Edition

by Chris Davis, Mike Schiller, Kevin Wheeler
February 2011
Intermediate to advanced content levelIntermediate to advanced
512 pages
15h 37m
English
McGraw-Hill
Content preview from IT Auditing Using Controls to Protect Information Assets, 2nd Edition, 2nd Edition

CHAPTER 18Risk Management

Only a few years ago, firewalls and antivirus software were all that most organizations used to mitigate IT risk. In recent years, however, the threat landscape has changed considerably. Today, the insider threat is more pronounced, thousands of variants of malware are being distributed, and governments have enacted legislation requiring the implementation of myriad controls. As a result, a formal risk management process now should be a part of every IT audit program.

Today’s million dollar question is this: What is a formal risk management program? In this chapter we’ll explore the risk-analysis process, risk management life cycle, and methods for identifying and addressing risk effectively. At the end of this chapter ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Start your free trial

You might also like

Legal and Privacy Issues in Information Security, 3rd Edition

Legal and Privacy Issues in Information Security, 3rd Edition

Joanna Lyn Grama
Auditing IT Infrastructures for Compliance, 3rd Edition

Auditing IT Infrastructures for Compliance, 3rd Edition

Robert Johnson, Marty Weiss, Michael G. Solomon

Publisher Resources

ISBN: 9780071742382