CHAPTER 18Risk Management
Only a few years ago, firewalls and antivirus software were all that most organizations used to mitigate IT risk. In recent years, however, the threat landscape has changed considerably. Today, the insider threat is more pronounced, thousands of variants of malware are being distributed, and governments have enacted legislation requiring the implementation of myriad controls. As a result, a formal risk management process now should be a part of every IT audit program.
Today’s million dollar question is this: What is a formal risk management program? In this chapter we’ll explore the risk-analysis process, risk management life cycle, and methods for identifying and addressing risk effectively. At the end of this chapter ...
Get IT Auditing Using Controls to Protect Information Assets, 2nd Edition, 2nd Edition now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.