An introductory guide to information risk management auditing, giving an interesting and useful insight into the risks and controls/mitigations that you may encounter when performing or managing an audit of information risk. Case studies and chapter summaries impart expert guidance to provide the best grounding in information risk available for risk managers and non-specialists alike.
Part I: What is risk and why is it important?
1: Risks and controls
2: Enterprise risk management (ERM) frameworks
3: Risk management assurance and audit
4: Information Risks and Frameworks
Part II: Introduction to General IT and Management Risks
5: Overview of General IT and Management Risks
6: Security and Data Privacy
7: System Development and Change Control
8: Service Management and Disaster Planning
Part III: Introduction to Application Controls
9: Overview of Application Controls (Integrity)
Part IV: Life as an Information Risk Management Specialist
10: Planning, Running and Reviewing Information Risk Management Assignments
11: Personal Development and Qualifications
Product details
Biographical note
Chris Wright is a qualified accountant and Certified Information Systems Auditor (CISA) with over 30 years’ experience providing financial and IT advisory and risk management services. He worked for 16 years at KPMG, where he managed a number of IT due diligence reviews and was head of information risk training in the UK. He has also worked in a wide range of industry sectors including oil and gas, small and medium enterprises, public sector, aviation and travel.