Additional Information
Book Details
Abstract
The role of an information security (or assurance) auditor is vital for identifying security gaps in an organisation's information systems. This practical book gives an excellent introduction to the role, covering areas such as purpose, required skills, responsibilities, interface and career progression as well as tools, standards and frameworks related to the role. It gives practical guidance to those new to the role or interested in developing a better understanding of what it entails.
Identifying security gaps in an organisation's information systems is a first and vital step in protecting data and information. This is what makes the role of an information security (or assurance) auditor so important. However, this is a role that is often maligned as a ‘check list monkey’ who adds nothing to the business. This practical book confronts this stereotype and gives an excellent introduction to the role, covering areas such as purpose, required skills, responsibilities, interface and career progression as well as tools, standards and frameworks related to the role. Based on the author's extensive experience, it gives practical guidance to those new to the role or interested in developing a better understanding of what it entails.
Wendy Goucher is a senior security consultant. Most of her work is focused on working with organisations to devise policy and procedures that are both compliant with external rules and operationally effective. This can be an interesting balancing act for which her first degree in psychology is useful.
'I believe that the book could be a useful little primer for a very important position within the IT Security field.'
Anthony Sutcliffe
'A refreshingly good book - easy to read with excellent guidance for both budding auditors and auditees. Wendy’s outline of a model Information Security Auditor outlines both the technical and personal skills required to succeed and it is her attention to the personal skill sets that is unique in this book.'
Vernon Poole, CISM, CGEIT & CRISC - Head of Business Consultancy, Sapphire
Table of Contents
| Section Title | Page | Action | Price |
|---|---|---|---|
| Cover | Cover | ||
| Advert | i | ||
| Copyright | vi | ||
| CONTENTS | vii | ||
| LIST OF FIGURES | ix | ||
| ABOUT THE AUTHOR | x | ||
| ABBREVIATIONS | xi | ||
| GLOSSARY | xiii | ||
| PREFACE | xv | ||
| 1 INTRODUCTION TO INFORMATION SECURITY AUDITING | 1 | ||
| INFORMATION SECURITY | 1 | ||
| INFORMATION SECURITY IN THE WORLD OF WORK | 10 | ||
| WHAT IS INFORMATION SECURITY AUDITING? | 10 | ||
| TYPES OF AUDIT | 11 | ||
| AUDITING STAGES | 17 | ||
| THE BUSINESS BENEFITS OF IS AUDITS | 24 | ||
| 2 THE ROLE OF THE INFORMATION SECURITY AUDITOR | 32 | ||
| THE GULF OF EXECUTION | 32 | ||
| POPULAR MISCONCEPTIONS ABOUT THE AUDIT ROLE | 35 | ||
| BUILDING A MODEL INFORMATION SECURITY AUDITOR | 40 | ||
| ATTRIBUTES OF A MODEL IS AUDITOR | 41 | ||
| SKILLS REQUIRED OF A MODEL IS AUDITOR | 53 | ||
| ON THE OTHER HAND | 73 | ||
| INTERFACE AND DEPENDENCIES | 75 | ||
| 3 TOOLS, METHODS AND TECHNIQUES | 86 | ||
| STANDARDS | 87 | ||
| BEST PRACTICE FRAMEWORKS, PROCEDURES AND PROCESSES | 109 | ||
| 4 CAREER PROGRESSION AND RELATED ROLES | 117 | ||
| ENTRY | 117 | ||
| CONTINUED PROFESSIONAL DEVELOPMENT | 118 | ||
| ‘MODEL-BUILDING’ GUIDANCE IN THE REAL WORLD | 124 | ||
| PRACTICAL EXAMPLES FROM SFIA | 128 | ||
| 5 CASE STUDY ‘A DAY IN THE LIFE OF AN AUDITOR’ | 131 | ||
| AND SO… | 140 | ||
| REFERENCES | 141 | ||
| INDEX | 143 | ||
| Back Cover | 148 |