Chapter 7. Policy Issues and Fundamentals

Solutions in this chapter:

▪ The Auditor's Role in Relation to Policy Creation and Compliance
Summary

Introduction

In this chapter we look at the auditor's role in relation to policy and incident handling.
It is important to remember that security is not just about technology. Security is about people. The people within your organization will determine the success or failure of any information security program. Therefore, they must understand the need for security and that security is there as an aid, not a roadblock. Remember, security is about the people within your organization just as much as the information they seek to protect.
The auditor's role in this process is to validate the policy and processes. ...

Get The IT Regulatory and Standards Compliance Handbook now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.