Fundamentals of information risk management auditing : an introduction for managers and auditors / Christopher Wright.Material type: TextSeries: JSTOR eBooks.Fundamentals of educational planning: Publisher: Ely, Cambridgeshire, United Kingdom : IT Governance Publishing, 2016Description: 1 online resource (1 volume) : illustrations.Content type: text Media type: computer Carrier type: online resourceISBN: 9781849288163; 184928816X.Subject(s): Risk management | Risk management -- AuditingAdditional physical formats: Print version:: No titleDDC classification: 658.155 Online resources: Click here to view this ebook.
|Item type||Current location||Call number||URL||Status||Date due||Barcode|
|Electronic Book||UT Tyler Online Online||HD61 (Browse shelf)||https://ezproxy.uttyler.edu/login?url=http://www.jstor.org/stable/10.2307/j.ctt1bj4t5n||Available||ocn949908718|
Description based on online resource; title from title page (Safari, viewed May 18, 2016).
Includes bibliographical references.
Cover; Title; Copyright; Contents; Part I: What is risk and why is it important?; Chapter 1: Risks and controls; Overview; What is risk?; Management of risk; Risk identification and awareness; Documenting risks; Assessing and monitoring risk; Categorisation; Likelihood; Impact; Risk heat maps; Controlling risk; Summary; Chapter 2: Enterprise risk management (ERM) frameworks; Overview; What is enterprise risk management?; Strategic enterprise wide management process; Identify potential risks; Significant impact; Manage them within the entity's risk appetite; Common ERM frameworks; COSO
The five componentsISO31000; Sarbanes-Oxley; Summary; Chapter 3: Risk management assurance and audit; Overview; Three lines of defence; First line of defence -- Business unit staff and management; Second line of defence -- Governance, risk and compliance; Third line of defence -- Independent assurance from audit and the Board; Segregation of duties between each line; Internal vs external audit; Other forms of IT assurance; Case study; Summary; Chapter 4: Information Risks and Frameworks; Overview; What is information risk?; COBIT 5; ISO frameworks; CRAMM; Summary and key take-aways
Part II: Introduction to General IT and Management RisksChapter 5: Overview of General IT and Management Risks; Overview; Reviewing entity level controls in an IT context; What are general IT controls?; Case studies and examples of general IT controls; Outsourced arrangements; End user computing; Bring your own devices (BYOD); Case studies and examples of outsourcing; Reviewing general IT controls; Summary; Chapter 6: Security and Data Privacy; Overview; Risks; Controls; Examples of IT security controls; ISO27001; Case study examples
Documenting, assessing and testing security and confidentiality controlsSummary; Chapter 7: System Development and Change Control; Introduction; Project lifecycle overview; Project lifecycle risks; Project lifecycle controls; Project lifecycle case study examples; Project lifecycle documenting, assessing and testing controls; Change management overview and risks; Change management controls; Change management case study examples; Documenting, assessing and testing controls; Summary; Chapter 8: Service Management and Disaster Planning; Introduction; Service management overview
Disaster planningCase study examples; Summary; Part III: Introduction to Application Controls; Chapter 9: Overview of Application Controls (Integrity); Introduction; Risks; Controls; Case study examples; Documenting, assessing and testing application controls; Summary; Further reading; Part IV: Life as an Information Risk Management Specialist; Chapter 10: Planning, Running and Reviewing Information Risk Management Assignments; Overview; Stages of a review; IRM assignment planning; Conducting an IRM review; Reviewing the audit review; Ensuring action after the review; Summary