Auditing information and cyber security governance : a controls-based approach. (2021)
- Record Type:
- Book
- Title:
- Auditing information and cyber security governance : a controls-based approach. (2021)
- Main Title:
- Auditing information and cyber security governance : a controls-based approach
- Further Information:
- Note: Robert E. Davis.
- Authors:
- Davis, Robert Elliot, 1955-
- Contents:
- Security Governance * Abstract * Introduction * Governance Perspectives * Rational Management * Applied Technology * Security Program Evolution * Information Security Infrastructure Management * Information Security Service Management * Information Security Governance * Framing Governance * Tier One Governance * Tier Two Governance * Tier Three Governance * Security Governance Fusion * Cyber Security Service Delivery for IT * Cyber Security Service Support for IT * Security Governance Insights
* Formal Authority * Interpersonal Roles * Informational Roles * Decisional Roles * References * Recommended Reading * Security Governance Environment * Abstract * Introduction * Entity Centric Considerations * Entity Control Environment * Domain Convergence Effects * Entity Risk Determinants * Legal Issues * Managerial Practices * Control Inscriptions * Technology Deployments * References * Recommended Reading * Security Governance Management * Abstract * Introduction * Planning * Security Risk Assessment * Control Objectives Selection * Control Goals Selection * Organizing * Orchestrating * Directing * Controlling * References * Recommended Reading * Appendix: Information Protection Classifications with Criteria and Definitions * Security Governance Processes * Abstract * Introduction * Framing Information Security Governance * Tier Four Strategic Alignment * Tier Four Value Delivery * Tier Four Risk Management * Tier Four Resource Management * Tier Four Performance Measurement * References * Recommended Reading * Appendix: Control Evaluation Worksheets * Control Evaluation Worksheets 1a: Single Risk Ratings * Control Evaluation Worksheets 1b: Single Risk Ratings * Control Evaluation Worksheets 2a: Group Risk Ratings * Control Evaluation Worksheets 2b: Group Risk Ratings * Control Evaluation Worksheets 3: Summary Risk Sheet * Organizational Employees * Abstract * Introduction * Responsibility Delegation * Access Controls * Power Granting * Workplace Irregularities and Illegal Acts * IT Incident Response Team * Education, Training, and Awareness * IT Audit Team * Planning Activities * Study and Evaluation Activities * Testing Activities * Reporting Activities * Follow-up Activities * References * Recommended Reading * External Organizational Actors * Abstract * Introduction * Supply Chain Partners * Information Sharing * Knowledge Sharing * Supply Chain Logistics * Managed Service Providers * Service Provider Audit * IT Audit Planning * IT Audit Study and 
Evaluation of Controls * IT Audit Testing of Controls * IT Audit Report on Controls * IT Audit Follow-up * References * Recommended Reading * Information Security Governance Audit * Abstract * Introduction * ISG Audit Planning Process * Control Assessment * Audit Risk Assessment * ISG Audit Study and Evaluation of Controls * Information Security Strategic Alignment * Information Security Value Delivery * Information Security Risk Management * Information Security Resource Management * Information Security Performance Management and Measurement * Other Auditable Information Security Units * ISG Audit Testing and Evaluation of Controls * Information Security Compliance Testing * Information Security Substantive Testing * Information Security Evidence Assessment * ISG Audit Control Reporting * Degree of Correspondence * Engagement Report Structuring * ISG Audit Follow-up * ISG Audit Follow-up Responsibilities * General ISG Audit Follow-up Activities * References * Recommended Reading * Appendix A: Control Environment Characteristics – Internal Policies Matrix * Appendix B: Entity Culture – Audit Area Personnel Matrix * Appendix C: ISG Audit Risk Assessment Template * Appendix D: Testing Methodology Options Table * Appendix E: Sampling Selection Options Table * Cyber Security Governance Audit * Abstract * Introduction * CSG Audit Planning Process * Control Assessment * Audit Risk Assessment * CSG Audit Study and Evaluation of Controls * Cybersecurity Access Management * Cybersecurity Network Infrastructure * Cybersecurity Risk Analysis * Cybersecurity Environmental Controls * Cybersecurity Confidential Information Assets * CSG Audit Testing and Evaluation of Controls * Cybersecurity Compliance Testing * Cybersecurity Substantive Testing * Cybersecurity Evidence Assessment * CSG Audit Control Reporting * Degree of Correspondence * Engagement Report Structuring * CSG Audit Follow-up * CSG Audit Follow-up Responsibilities * General CSG Audit Follow-up Activities * 
References * Recommended Reading * Appendix A: CSG Audit Risk Assessment Template * Appendix B: IAP Functions or Duties Templates * Appendix C: IAP Control Classification Template * … (more)
- Edition:
- 1st
- Publisher Details:
- Boca Raton : CRC Press
- Publication Date:
- 2021
- Extent:
- 1 online resource, illustrations (black and white)
- Subjects:
- 005.8
- Computer security -- Data processing
- Auditing -- Data processing
- Languages:
- English
- ISBNs:
- 9781000416121
- 9781000416084
- 9781003099673
- Related ISBNs:
- 9780367568504
- Notes:
- Note: Description based on CIP data; resource not viewed.
- Access Rights:
- Legal Deposit; Only available on premises controlled by the deposit library and to one user at any one time; The Legal Deposit Libraries (Non-Print Works) Regulations (UK).
- Access Usage:
- Restricted: Printing from this resource is governed by The Legal Deposit Libraries (Non-Print Works) Regulations (UK) and UK copyright law currently in force.
- View Content:
- Available online (eLD content is only available in our Reading Rooms)
- Physical Locations:
- British Library HMNTS - ELD.DS.637207
- Ingest File:
- 06_025.xml