
E-book: Auditing Information and Cyber Security Governance: A Controls-Based Approach [Taylor & Francis e-book]

  • Format: 284 pages, 26 line drawings, black and white; 6 halftones, black and white; 32 illustrations, black and white
  • Series: Security, Audit and Leadership Series
  • Publication date: 23-Sep-2021
  • Publisher: CRC Press
  • ISBN-13: 9781003099673
  • Taylor & Francis e-book
  • Price: 96,94 €*
  • * price that provides access for an unlimited number of concurrent users for an unlimited period
  • List price: 138,48 €
  • You save 30%
"A much-needed service for society today. I hope this book reaches information managers in the organization now vulnerable to hacks that are stealing corporate information and even holding it hostage for ransom."

Ronald W. Hull, author, poet, and former professor and university administrator

A comprehensive entity security program deploys information asset protection through stratified technological and non-technological controls. Controls are necessary for counteracting the risks that arise from threats, opportunities, and vulnerabilities, in a manner that reduces potential adverse effects to defined, acceptable levels. This book presents a methodological approach grounded in the constructs and concepts of normative decision theory, with appropriate reference to standards and their respective guidelines. Normative decision theory attempts to establish a rational framework for choosing between alternative courses of action when the outcomes of the selection are uncertain. Applied methodologically, decision theory techniques can support objective determination, interaction assessment, performance estimation, and organizational analysis. A normative model prescribes what should exist according to an assumption or rule.
Contents

Preface xi
1 Security Governance 1
  Abstract 1
  Introduction 1
  Governance Perspectives 2
  Rational Management 4
  Applied Technology 7
  Security Program Evolution 9
  Information Security Infrastructure Management 10
  Information Security Service Management 11
  Information Security Governance 13
  Framing Governance 15
  Tier One Governance 15
  Tier Two Governance 17
  Tier Three Governance 19
  Security Governance Fusion 22
  Cyber Security Service Delivery for IT 23
  Cyber Security Service Support for IT 25
  Security Governance Insights 29
  Formal Authority 31
  Interpersonal Roles 31
  Informational Roles 32
  Decisional Roles 32
  References 33
  Recommended Reading 38
2 Security Governance Environment 39
  Abstract 39
  Introduction 39
  Entity-Centric Considerations 40
  Entity Control Environment 41
  Domain Convergence Effects 46
  Entity Risk Determinants 53
  Legal Issues 55
  Managerial Practices 58
  Control Inscriptions 59
  Technology Deployments 65
  References 67
  Recommended Reading 73
3 Security Governance Management 74
  Abstract 74
  Introduction 74
  Planning 75
  Security Risk Assessment 79
  Control Objective Selection 95
  Control Goal Selection 97
  Organizing 97
  Orchestrating 98
  Directing 100
  Controlling 101
  References 102
  Recommended Reading 106
  Appendix: Information Protection Classifications with Criteria and Definitions 107
4 Security Governance Processes 108
  Abstract 108
  Introduction 108
  Framing Information Security Governance 109
  Tier Four Strategic Alignment 111
  Tier Four Value Delivery 115
  Tier Four Risk Management 119
  Tier Four Resource Management 124
  Tier Four Performance Measurement 128
  References 131
  Recommended Reading 137
  Appendix: Control Evaluation Worksheets 139
5 Organizational Employees 141
  Abstract 141
  Introduction 141
  Responsibility Delegation 142
  Access Controls 144
  Power Granting 148
  Workplace Irregularities and Illegal Acts 150
  IT Incident Response Team 154
  Education, Training, and Awareness 159
  IT Audit Team 164
  Planning Activities 165
  Study and Evaluation Activities 166
  Testing Activities 166
  Reporting Activities 167
  Follow-Up Activities 167
  References 167
  Recommended Reading 170
6 External Organizational Actors 172
  Abstract 172
  Introduction 172
  Supply Chain Partners 173
  Information Sharing 174
  Knowledge Sharing 176
  Supply Chain Logistics 178
  Managed Service Providers 179
  Service Provider Audit 187
  IT Audit Planning 190
  IT Audit Study and Evaluation of Controls 192
  IT Audit Testing of Controls 196
  IT Audit Report on Controls 196
  IT Audit Follow-Up 197
  References 197
  Recommended Reading 202
7 Information Security Governance Audit 203
  Abstract 203
  Introduction 203
  ISG Audit Planning Process 204
  Control Assessment 206
  Audit Risk Assessment 209
  ISG Audit Study and Evaluation of Controls 210
  Information Security Strategic Alignment 212
  Information Security Value Delivery 215
  Information Security Risk Management 216
  Information Security Resource Management 216
  Information Security Performance Management and Measurement 217
  Other Auditable Information Security Units 217
  ISG Audit Testing and Evaluation of Controls 219
  Information Security Compliance Testing 221
  Information Security Substantive Testing 222
  Information Security Evidence Assessment 223
  ISG Audit Control Reporting 223
  Unqualified Opinion 224
  Qualified Opinion 225
  Adverse Opinion 225
  Disclaimer Opinion 225
  Degree of Correspondence 226
  Engagement Report Structuring 227
  ISG Audit Follow-Up 227
  ISG Audit Follow-Up Responsibilities 228
  General ISG Audit Follow-Up Activities 229
  References 233
  Recommended Reading 235
  Appendix A: Control Environment Characteristics / Internal Policies Matrix 236
  Appendix B: Entity Culture / Audit Area Personnel Matrix 237
  Appendix C: ISG Audit Risk Assessment Template 238
  Appendix D: Testing Methodology Options Table 239
  Appendix E: Sampling Selection Options Table 240
8 Cyber Security Governance Audit 241
  Abstract 241
  Introduction 241
  CSG Audit Planning Process 242
  Control Assessment 243
  Audit Risk Assessment 246
  CSG Audit Study and Evaluation of Controls 248
  Cybersecurity Access Management 252
  Cybersecurity Network Infrastructure 255
  Cybersecurity Risk Analysis 258
  Cybersecurity Environmental Controls 260
  Cybersecurity Confidential Information Assets 261
  CSG Audit Testing and Evaluation of Controls 263
  Cybersecurity Compliance Testing 265
  Cybersecurity Substantive Testing 267
  Cybersecurity Evidence Assessment 268
  CSG Audit Control Reporting 268
  Unqualified Opinion 270
  Qualified Opinion 270
  Adverse Opinion 270
  Disclaimer Opinion 270
  Degree of Correspondence 271
  Engagement Report Structuring 272
  CSG Audit Follow-Up 273
  CSG Audit Follow-Up Responsibilities 273
  General CSG Audit Follow-Up Activities 274
  References 278
  Recommended Reading 279
  Appendix A: CSG Audit Risk Assessment Template 280
  Appendix B: IAP Functions or Duties Templates 281
  Appendix C: IAP Control Classification Template 282
Index 283
Dr. Robert E. Davis, CISA, CICA, has unique qualifications encompassing over 30 years of internal control practice and scholarship experience. He has provided data security consulting and information systems auditing services to highly regarded government agencies and to corporations of various sizes. His past teaching experience includes positions with Temple University, Bryant & Stratton College, and Cheyney University, as well as presenting various other training sessions and courses. Dr. Davis has authored articles addressing IT issues for ITAudit Magazine, ISACA Journal, TechTarget, and IT Governance, LTD, as well as a chapter discussing continuous auditing for Bloomsbury Information. Dr. Davis has written workbooks and other instructional material for Boson Software and Pleier Corporation.