Verfügbarkeit: Fundamentals of information risk management auditing :

Fundamentals of information risk management auditing :: an introduction for managers and auditors /

Providing insight into information risk management auditing for those considering a career in information risk management, and an introduction for non-specialists, such as those managing technical specialists, this book discusses the risks and controls that you may encounter when performing an audit...

Ausführliche Beschreibung

Gespeichert in:

Bibliographische Detailangaben
1. Verfasser:	Wright, Christopher (Accountant) (VerfasserIn)
Format:	Elektronisch E-Book
Sprache:	English
Veröffentlicht:	Ely, Cambridgeshire, United Kingdom : IT Governance Publishing, 2016.
Schriftenreihe:	Fundamentals of educational planning.
Schlagworte:	Risk management. Risk management > Auditing. Gestion du risque. risk management. COMPUTERS > General. Risk management
Online-Zugang:	Volltext
Zusammenfassung:	Providing insight into information risk management auditing for those considering a career in information risk management, and an introduction for non-specialists, such as those managing technical specialists, this book discusses the risks and controls that you may encounter when performing an audit of information risk, together with suggested mitigation approaches based on those risks and controls. --
Beschreibung:	1 online resource (1 volume) : illustrations
Bibliographie:	Includes bibliographical references.
ISBN:	9781849288163 184928816X

Internformat

MARC


LEADER	00000cam a2200000 i 4500
001	ZDB-4-EBA-ocn949908718
003	OCoLC
005	20241004212047.0
006	m o d
007	cr unu\|\|\|\|\|\|\|\|
008	160518s2016 enka ob 000 0 eng d
040			\|a UMI \|b eng \|e rda \|e pn \|c UMI \|d YDXCP \|d JSTOR \|d EBLCP \|d N$T \|d TEFOD \|d COO \|d IDB \|d K6U \|d OTZ \|d LIV \|d MERUC \|d OCLCQ \|d IOG \|d SNK \|d DKU \|d AUW \|d INTCL \|d IGB \|d D6H \|d VVB \|d OCLCF \|d VTS \|d AGLDB \|d G3B \|d S8J \|d STF \|d OL$ \|d OCLCQ \|d BRF \|d OCLCO \|d OCLCQ \|d OCLCO \|d OCLCL
019			\|a 949326960 \|a 949883744 \|a 966385728
020			\|a 9781849288163 \|q (electronic bk.)
020			\|a 184928816X \|q (electronic bk.)
020			\|z 1849288151
020			\|z 9781849288156
035			\|a (OCoLC)949908718 \|z (OCoLC)949326960 \|z (OCoLC)949883744 \|z (OCoLC)966385728
037			\|a CL0500000742 \|b Safari Books Online
037			\|a 5F2B51CF-2FA5-41ED-B07B-30EE9FFE56BB \|b OverDrive, Inc. \|n http://www.overdrive.com
050		4	\|a HD61
072		7	\|a COM000000 \|2 bisacsh
072		7	\|a COM053000 \|2 bisacsh
082	7		\|a 658.155 \|2 23
049			\|a MAIN
100	1		\|a Wright, Christopher \|c (Accountant), \|e author. \|1 https://id.oclc.org/worldcat/entity/E39PCjtC69VFKJHpg6Vb7yrRmm \|0 http://id.loc.gov/authorities/names/no2016039322
245	1	0	\|a Fundamentals of information risk management auditing : \|b an introduction for managers and auditors / \|c Christopher Wright.
264		1	\|a Ely, Cambridgeshire, United Kingdom : \|b IT Governance Publishing, \|c 2016.
300			\|a 1 online resource (1 volume) : \|b illustrations
336			\|a text \|b txt \|2 rdacontent
337			\|a computer \|b c \|2 rdamedia
338			\|a online resource \|b cr \|2 rdacarrier
490	1		\|a Fundamentals ; \|v v. 6
588	0		\|a Online resource; title from title page (Safari, viewed May 18, 2016).
504			\|a Includes bibliographical references.
505	0		\|a Cover; Title; Copyright; Contents; Part I: What is risk and why is it important?; Chapter 1: Risks and controls; Overview; What is risk?; Management of risk; Risk identification and awareness; Documenting risks; Assessing and monitoring risk; Categorisation; Likelihood; Impact; Risk heat maps; Controlling risk; Summary; Chapter 2: Enterprise risk management (ERM) frameworks; Overview; What is enterprise risk management?; Strategic enterprise wide management process; Identify potential risks; Significant impact; Manage them within the entity's risk appetite; Common ERM frameworks; COSO.
505	8		\|a The five componentsISO31000; Sarbanes-Oxley; Summary; Chapter 3: Risk management assurance and audit; Overview; Three lines of defence; First line of defence -- Business unit staff and management; Second line of defence -- Governance, risk and compliance; Third line of defence -- Independent assurance from audit and the Board; Segregation of duties between each line; Internal vs external audit; Other forms of IT assurance; Case study; Summary; Chapter 4: Information Risks and Frameworks; Overview; What is information risk?; COBIT 5; ISO frameworks; CRAMM; Summary and key take-aways.
505	8		\|a Part II: Introduction to General IT and Management RisksChapter 5: Overview of General IT and Management Risks; Overview; Reviewing entity level controls in an IT context; What are general IT controls?; Case studies and examples of general IT controls; Outsourced arrangements; End user computing; Bring your own devices (BYOD); Case studies and examples of outsourcing; Reviewing general IT controls; Summary; Chapter 6: Security and Data Privacy; Overview; Risks; Controls; Examples of IT security controls; ISO27001; Case study examples.
505	8		\|a Documenting, assessing and testing security and confidentiality controlsSummary; Chapter 7: System Development and Change Control; Introduction; Project lifecycle overview; Project lifecycle risks; Project lifecycle controls; Project lifecycle case study examples; Project lifecycle documenting, assessing and testing controls; Change management overview and risks; Change management controls; Change management case study examples; Documenting, assessing and testing controls; Summary; Chapter 8: Service Management and Disaster Planning; Introduction; Service management overview.
505	8		\|a Disaster planningCase study examples; Summary; Part III: Introduction to Application Controls; Chapter 9: Overview of Application Controls (Integrity); Introduction; Risks; Controls; Case study examples; Documenting, assessing and testing application controls; Summary; Further reading; Part IV: Life as an Information Risk Management Specialist; Chapter 10: Planning, Running and Reviewing Information Risk Management Assignments; Overview; Stages of a review; IRM assignment planning; Conducting an IRM review; Reviewing the audit review; Ensuring action after the review; Summary.
520			\|a Providing insight into information risk management auditing for those considering a career in information risk management, and an introduction for non-specialists, such as those managing technical specialists, this book discusses the risks and controls that you may encounter when performing an audit of information risk, together with suggested mitigation approaches based on those risks and controls. -- \|c Edited summary from book.
650		0	\|a Risk management. \|0 http://id.loc.gov/authorities/subjects/sh85114200
650		0	\|a Risk management \|x Auditing.
650		6	\|a Gestion du risque.
650		7	\|a risk management. \|2 aat
650		7	\|a COMPUTERS \|x General. \|2 bisacsh
650		7	\|a Risk management \|2 fast
758			\|i has work: \|a Fundamentals of information risk management auditing (Text) \|1 https://id.oclc.org/worldcat/entity/E39PCG33djwBm4h8hyxrQBFqcP \|4 https://id.oclc.org/worldcat/ontology/hasWork
776	0	8	\|i Print version: \|z 1849288151 \|z 9781849288156 \|w (OCoLC)946161462
830		0	\|a Fundamentals of educational planning. \|0 http://id.loc.gov/authorities/names/n42011867
856	4	0	\|l FWS01 \|p ZDB-4-EBA \|q FWS_PDA_EBA \|u https://search.ebscohost.com/login.aspx?direct=true&scope=site&db=nlebk&AN=1232539 \|3 Volltext
938			\|a ProQuest Ebook Central \|b EBLB \|n EBL4519666
938			\|a EBSCOhost \|b EBSC \|n 1232539
938			\|a YBP Library Services \|b YANK \|n 12979484
994			\|a 92 \|b GEBAY
912			\|a ZDB-4-EBA
049			\|a DE-863

Datensatz im Suchindex

DE-BY-FWS_katkey	ZDB-4-EBA-ocn949908718
_version_	1816882349410877440
adam_text
any_adam_object
author	Wright, Christopher (Accountant)
author_GND	http://id.loc.gov/authorities/names/no2016039322
author_facet	Wright, Christopher (Accountant)
author_role	aut
author_sort	Wright, Christopher (Accountant)
author_variant	c w cw
building	Verbundindex
bvnumber	localFWS
callnumber-first	H - Social Science
callnumber-label	HD61
callnumber-raw	HD61
callnumber-search	HD61
callnumber-sort	HD 261
callnumber-subject	HD - Industries, Land Use, Labor
collection	ZDB-4-EBA
contents	Cover; Title; Copyright; Contents; Part I: What is risk and why is it important?; Chapter 1: Risks and controls; Overview; What is risk?; Management of risk; Risk identification and awareness; Documenting risks; Assessing and monitoring risk; Categorisation; Likelihood; Impact; Risk heat maps; Controlling risk; Summary; Chapter 2: Enterprise risk management (ERM) frameworks; Overview; What is enterprise risk management?; Strategic enterprise wide management process; Identify potential risks; Significant impact; Manage them within the entity's risk appetite; Common ERM frameworks; COSO. The five componentsISO31000; Sarbanes-Oxley; Summary; Chapter 3: Risk management assurance and audit; Overview; Three lines of defence; First line of defence -- Business unit staff and management; Second line of defence -- Governance, risk and compliance; Third line of defence -- Independent assurance from audit and the Board; Segregation of duties between each line; Internal vs external audit; Other forms of IT assurance; Case study; Summary; Chapter 4: Information Risks and Frameworks; Overview; What is information risk?; COBIT 5; ISO frameworks; CRAMM; Summary and key take-aways. Part II: Introduction to General IT and Management RisksChapter 5: Overview of General IT and Management Risks; Overview; Reviewing entity level controls in an IT context; What are general IT controls?; Case studies and examples of general IT controls; Outsourced arrangements; End user computing; Bring your own devices (BYOD); Case studies and examples of outsourcing; Reviewing general IT controls; Summary; Chapter 6: Security and Data Privacy; Overview; Risks; Controls; Examples of IT security controls; ISO27001; Case study examples. Documenting, assessing and testing security and confidentiality controlsSummary; Chapter 7: System Development and Change Control; Introduction; Project lifecycle overview; Project lifecycle risks; Project lifecycle controls; Project lifecycle case study examples; Project lifecycle documenting, assessing and testing controls; Change management overview and risks; Change management controls; Change management case study examples; Documenting, assessing and testing controls; Summary; Chapter 8: Service Management and Disaster Planning; Introduction; Service management overview. Disaster planningCase study examples; Summary; Part III: Introduction to Application Controls; Chapter 9: Overview of Application Controls (Integrity); Introduction; Risks; Controls; Case study examples; Documenting, assessing and testing application controls; Summary; Further reading; Part IV: Life as an Information Risk Management Specialist; Chapter 10: Planning, Running and Reviewing Information Risk Management Assignments; Overview; Stages of a review; IRM assignment planning; Conducting an IRM review; Reviewing the audit review; Ensuring action after the review; Summary.
ctrlnum	(OCoLC)949908718
dewey-full	658.155
dewey-hundreds	600 - Technology (Applied sciences)
dewey-ones	658 - General management
dewey-raw	658.155
dewey-search	658.155
dewey-sort	3658.155
dewey-tens	650 - Management and auxiliary services
discipline	Wirtschaftswissenschaften
format	Electronic eBook
fullrecord	<?xml version="1.0" encoding="UTF-8"?><collection xmlns="http://www.loc.gov/MARC21/slim"><record><leader>06127cam a2200625 i 4500</leader><controlfield tag="001">ZDB-4-EBA-ocn949908718</controlfield><controlfield tag="003">OCoLC</controlfield><controlfield tag="005">20241004212047.0</controlfield><controlfield tag="006">m o d </controlfield><controlfield tag="007">cr unu\|\|\|\|\|\|\|\|</controlfield><controlfield tag="008">160518s2016 enka ob 000 0 eng d</controlfield><datafield tag="040" ind1=" " ind2=" "><subfield code="a">UMI</subfield><subfield code="b">eng</subfield><subfield code="e">rda</subfield><subfield code="e">pn</subfield><subfield code="c">UMI</subfield><subfield code="d">YDXCP</subfield><subfield code="d">JSTOR</subfield><subfield code="d">EBLCP</subfield><subfield code="d">N$T</subfield><subfield code="d">TEFOD</subfield><subfield code="d">COO</subfield><subfield code="d">IDB</subfield><subfield code="d">K6U</subfield><subfield code="d">OTZ</subfield><subfield code="d">LIV</subfield><subfield code="d">MERUC</subfield><subfield code="d">OCLCQ</subfield><subfield code="d">IOG</subfield><subfield code="d">SNK</subfield><subfield code="d">DKU</subfield><subfield code="d">AUW</subfield><subfield code="d">INTCL</subfield><subfield code="d">IGB</subfield><subfield code="d">D6H</subfield><subfield code="d">VVB</subfield><subfield code="d">OCLCF</subfield><subfield code="d">VTS</subfield><subfield code="d">AGLDB</subfield><subfield code="d">G3B</subfield><subfield code="d">S8J</subfield><subfield code="d">STF</subfield><subfield code="d">OL$</subfield><subfield code="d">OCLCQ</subfield><subfield code="d">BRF</subfield><subfield code="d">OCLCO</subfield><subfield code="d">OCLCQ</subfield><subfield code="d">OCLCO</subfield><subfield code="d">OCLCL</subfield></datafield><datafield tag="019" ind1=" " ind2=" "><subfield code="a">949326960</subfield><subfield code="a">949883744</subfield><subfield code="a">966385728</subfield></datafield><datafield tag="020" ind1=" " ind2=" "><subfield code="a">9781849288163</subfield><subfield code="q">(electronic bk.)</subfield></datafield><datafield tag="020" ind1=" " ind2=" "><subfield code="a">184928816X</subfield><subfield code="q">(electronic bk.)</subfield></datafield><datafield tag="020" ind1=" " ind2=" "><subfield code="z">1849288151</subfield></datafield><datafield tag="020" ind1=" " ind2=" "><subfield code="z">9781849288156</subfield></datafield><datafield tag="035" ind1=" " ind2=" "><subfield code="a">(OCoLC)949908718</subfield><subfield code="z">(OCoLC)949326960</subfield><subfield code="z">(OCoLC)949883744</subfield><subfield code="z">(OCoLC)966385728</subfield></datafield><datafield tag="037" ind1=" " ind2=" "><subfield code="a">CL0500000742</subfield><subfield code="b">Safari Books Online</subfield></datafield><datafield tag="037" ind1=" " ind2=" "><subfield code="a">5F2B51CF-2FA5-41ED-B07B-30EE9FFE56BB</subfield><subfield code="b">OverDrive, Inc.</subfield><subfield code="n">http://www.overdrive.com</subfield></datafield><datafield tag="050" ind1=" " ind2="4"><subfield code="a">HD61</subfield></datafield><datafield tag="072" ind1=" " ind2="7"><subfield code="a">COM000000</subfield><subfield code="2">bisacsh</subfield></datafield><datafield tag="072" ind1=" " ind2="7"><subfield code="a">COM053000</subfield><subfield code="2">bisacsh</subfield></datafield><datafield tag="082" ind1="7" ind2=" "><subfield code="a">658.155</subfield><subfield code="2">23</subfield></datafield><datafield tag="049" ind1=" " ind2=" "><subfield code="a">MAIN</subfield></datafield><datafield tag="100" ind1="1" ind2=" "><subfield code="a">Wright, Christopher</subfield><subfield code="c">(Accountant),</subfield><subfield code="e">author.</subfield><subfield code="1">https://id.oclc.org/worldcat/entity/E39PCjtC69VFKJHpg6Vb7yrRmm</subfield><subfield code="0">http://id.loc.gov/authorities/names/no2016039322</subfield></datafield><datafield tag="245" ind1="1" ind2="0"><subfield code="a">Fundamentals of information risk management auditing :</subfield><subfield code="b">an introduction for managers and auditors /</subfield><subfield code="c">Christopher Wright.</subfield></datafield><datafield tag="264" ind1=" " ind2="1"><subfield code="a">Ely, Cambridgeshire, United Kingdom :</subfield><subfield code="b">IT Governance Publishing,</subfield><subfield code="c">2016.</subfield></datafield><datafield tag="300" ind1=" " ind2=" "><subfield code="a">1 online resource (1 volume) :</subfield><subfield code="b">illustrations</subfield></datafield><datafield tag="336" ind1=" " ind2=" "><subfield code="a">text</subfield><subfield code="b">txt</subfield><subfield code="2">rdacontent</subfield></datafield><datafield tag="337" ind1=" " ind2=" "><subfield code="a">computer</subfield><subfield code="b">c</subfield><subfield code="2">rdamedia</subfield></datafield><datafield tag="338" ind1=" " ind2=" "><subfield code="a">online resource</subfield><subfield code="b">cr</subfield><subfield code="2">rdacarrier</subfield></datafield><datafield tag="490" ind1="1" ind2=" "><subfield code="a">Fundamentals ;</subfield><subfield code="v">v. 6</subfield></datafield><datafield tag="588" ind1="0" ind2=" "><subfield code="a">Online resource; title from title page (Safari, viewed May 18, 2016).</subfield></datafield><datafield tag="504" ind1=" " ind2=" "><subfield code="a">Includes bibliographical references.</subfield></datafield><datafield tag="505" ind1="0" ind2=" "><subfield code="a">Cover; Title; Copyright; Contents; Part I: What is risk and why is it important?; Chapter 1: Risks and controls; Overview; What is risk?; Management of risk; Risk identification and awareness; Documenting risks; Assessing and monitoring risk; Categorisation; Likelihood; Impact; Risk heat maps; Controlling risk; Summary; Chapter 2: Enterprise risk management (ERM) frameworks; Overview; What is enterprise risk management?; Strategic enterprise wide management process; Identify potential risks; Significant impact; Manage them within the entity's risk appetite; Common ERM frameworks; COSO.</subfield></datafield><datafield tag="505" ind1="8" ind2=" "><subfield code="a">The five componentsISO31000; Sarbanes-Oxley; Summary; Chapter 3: Risk management assurance and audit; Overview; Three lines of defence; First line of defence -- Business unit staff and management; Second line of defence -- Governance, risk and compliance; Third line of defence -- Independent assurance from audit and the Board; Segregation of duties between each line; Internal vs external audit; Other forms of IT assurance; Case study; Summary; Chapter 4: Information Risks and Frameworks; Overview; What is information risk?; COBIT 5; ISO frameworks; CRAMM; Summary and key take-aways.</subfield></datafield><datafield tag="505" ind1="8" ind2=" "><subfield code="a">Part II: Introduction to General IT and Management RisksChapter 5: Overview of General IT and Management Risks; Overview; Reviewing entity level controls in an IT context; What are general IT controls?; Case studies and examples of general IT controls; Outsourced arrangements; End user computing; Bring your own devices (BYOD); Case studies and examples of outsourcing; Reviewing general IT controls; Summary; Chapter 6: Security and Data Privacy; Overview; Risks; Controls; Examples of IT security controls; ISO27001; Case study examples.</subfield></datafield><datafield tag="505" ind1="8" ind2=" "><subfield code="a">Documenting, assessing and testing security and confidentiality controlsSummary; Chapter 7: System Development and Change Control; Introduction; Project lifecycle overview; Project lifecycle risks; Project lifecycle controls; Project lifecycle case study examples; Project lifecycle documenting, assessing and testing controls; Change management overview and risks; Change management controls; Change management case study examples; Documenting, assessing and testing controls; Summary; Chapter 8: Service Management and Disaster Planning; Introduction; Service management overview.</subfield></datafield><datafield tag="505" ind1="8" ind2=" "><subfield code="a">Disaster planningCase study examples; Summary; Part III: Introduction to Application Controls; Chapter 9: Overview of Application Controls (Integrity); Introduction; Risks; Controls; Case study examples; Documenting, assessing and testing application controls; Summary; Further reading; Part IV: Life as an Information Risk Management Specialist; Chapter 10: Planning, Running and Reviewing Information Risk Management Assignments; Overview; Stages of a review; IRM assignment planning; Conducting an IRM review; Reviewing the audit review; Ensuring action after the review; Summary.</subfield></datafield><datafield tag="520" ind1=" " ind2=" "><subfield code="a">Providing insight into information risk management auditing for those considering a career in information risk management, and an introduction for non-specialists, such as those managing technical specialists, this book discusses the risks and controls that you may encounter when performing an audit of information risk, together with suggested mitigation approaches based on those risks and controls. --</subfield><subfield code="c">Edited summary from book.</subfield></datafield><datafield tag="650" ind1=" " ind2="0"><subfield code="a">Risk management.</subfield><subfield code="0">http://id.loc.gov/authorities/subjects/sh85114200</subfield></datafield><datafield tag="650" ind1=" " ind2="0"><subfield code="a">Risk management</subfield><subfield code="x">Auditing.</subfield></datafield><datafield tag="650" ind1=" " ind2="6"><subfield code="a">Gestion du risque.</subfield></datafield><datafield tag="650" ind1=" " ind2="7"><subfield code="a">risk management.</subfield><subfield code="2">aat</subfield></datafield><datafield tag="650" ind1=" " ind2="7"><subfield code="a">COMPUTERS</subfield><subfield code="x">General.</subfield><subfield code="2">bisacsh</subfield></datafield><datafield tag="650" ind1=" " ind2="7"><subfield code="a">Risk management</subfield><subfield code="2">fast</subfield></datafield><datafield tag="758" ind1=" " ind2=" "><subfield code="i">has work:</subfield><subfield code="a">Fundamentals of information risk management auditing (Text)</subfield><subfield code="1">https://id.oclc.org/worldcat/entity/E39PCG33djwBm4h8hyxrQBFqcP</subfield><subfield code="4">https://id.oclc.org/worldcat/ontology/hasWork</subfield></datafield><datafield tag="776" ind1="0" ind2="8"><subfield code="i">Print version:</subfield><subfield code="z">1849288151</subfield><subfield code="z">9781849288156</subfield><subfield code="w">(OCoLC)946161462</subfield></datafield><datafield tag="830" ind1=" " ind2="0"><subfield code="a">Fundamentals of educational planning.</subfield><subfield code="0">http://id.loc.gov/authorities/names/n42011867</subfield></datafield><datafield tag="856" ind1="4" ind2="0"><subfield code="l">FWS01</subfield><subfield code="p">ZDB-4-EBA</subfield><subfield code="q">FWS_PDA_EBA</subfield><subfield code="u">https://search.ebscohost.com/login.aspx?direct=true&scope=site&db=nlebk&AN=1232539</subfield><subfield code="3">Volltext</subfield></datafield><datafield tag="938" ind1=" " ind2=" "><subfield code="a">ProQuest Ebook Central</subfield><subfield code="b">EBLB</subfield><subfield code="n">EBL4519666</subfield></datafield><datafield tag="938" ind1=" " ind2=" "><subfield code="a">EBSCOhost</subfield><subfield code="b">EBSC</subfield><subfield code="n">1232539</subfield></datafield><datafield tag="938" ind1=" " ind2=" "><subfield code="a">YBP Library Services</subfield><subfield code="b">YANK</subfield><subfield code="n">12979484</subfield></datafield><datafield tag="994" ind1=" " ind2=" "><subfield code="a">92</subfield><subfield code="b">GEBAY</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">ZDB-4-EBA</subfield></datafield><datafield tag="049" ind1=" " ind2=" "><subfield code="a">DE-863</subfield></datafield></record></collection>
id	ZDB-4-EBA-ocn949908718
illustrated	Illustrated
indexdate	2024-11-27T13:27:12Z
institution	BVB
isbn	9781849288163 184928816X
language	English
oclc_num	949908718
open_access_boolean
owner	MAIN DE-863 DE-BY-FWS
owner_facet	MAIN DE-863 DE-BY-FWS
physical	1 online resource (1 volume) : illustrations
psigel	ZDB-4-EBA
publishDate	2016
publishDateSearch	2016
publishDateSort	2016
publisher	IT Governance Publishing,
record_format	marc
series	Fundamentals of educational planning.
series2	Fundamentals ;
spelling	Wright, Christopher (Accountant), author. https://id.oclc.org/worldcat/entity/E39PCjtC69VFKJHpg6Vb7yrRmm http://id.loc.gov/authorities/names/no2016039322 Fundamentals of information risk management auditing : an introduction for managers and auditors / Christopher Wright. Ely, Cambridgeshire, United Kingdom : IT Governance Publishing, 2016. 1 online resource (1 volume) : illustrations text txt rdacontent computer c rdamedia online resource cr rdacarrier Fundamentals ; v. 6 Online resource; title from title page (Safari, viewed May 18, 2016). Includes bibliographical references. Cover; Title; Copyright; Contents; Part I: What is risk and why is it important?; Chapter 1: Risks and controls; Overview; What is risk?; Management of risk; Risk identification and awareness; Documenting risks; Assessing and monitoring risk; Categorisation; Likelihood; Impact; Risk heat maps; Controlling risk; Summary; Chapter 2: Enterprise risk management (ERM) frameworks; Overview; What is enterprise risk management?; Strategic enterprise wide management process; Identify potential risks; Significant impact; Manage them within the entity's risk appetite; Common ERM frameworks; COSO. The five componentsISO31000; Sarbanes-Oxley; Summary; Chapter 3: Risk management assurance and audit; Overview; Three lines of defence; First line of defence -- Business unit staff and management; Second line of defence -- Governance, risk and compliance; Third line of defence -- Independent assurance from audit and the Board; Segregation of duties between each line; Internal vs external audit; Other forms of IT assurance; Case study; Summary; Chapter 4: Information Risks and Frameworks; Overview; What is information risk?; COBIT 5; ISO frameworks; CRAMM; Summary and key take-aways. Part II: Introduction to General IT and Management RisksChapter 5: Overview of General IT and Management Risks; Overview; Reviewing entity level controls in an IT context; What are general IT controls?; Case studies and examples of general IT controls; Outsourced arrangements; End user computing; Bring your own devices (BYOD); Case studies and examples of outsourcing; Reviewing general IT controls; Summary; Chapter 6: Security and Data Privacy; Overview; Risks; Controls; Examples of IT security controls; ISO27001; Case study examples. Documenting, assessing and testing security and confidentiality controlsSummary; Chapter 7: System Development and Change Control; Introduction; Project lifecycle overview; Project lifecycle risks; Project lifecycle controls; Project lifecycle case study examples; Project lifecycle documenting, assessing and testing controls; Change management overview and risks; Change management controls; Change management case study examples; Documenting, assessing and testing controls; Summary; Chapter 8: Service Management and Disaster Planning; Introduction; Service management overview. Disaster planningCase study examples; Summary; Part III: Introduction to Application Controls; Chapter 9: Overview of Application Controls (Integrity); Introduction; Risks; Controls; Case study examples; Documenting, assessing and testing application controls; Summary; Further reading; Part IV: Life as an Information Risk Management Specialist; Chapter 10: Planning, Running and Reviewing Information Risk Management Assignments; Overview; Stages of a review; IRM assignment planning; Conducting an IRM review; Reviewing the audit review; Ensuring action after the review; Summary. Providing insight into information risk management auditing for those considering a career in information risk management, and an introduction for non-specialists, such as those managing technical specialists, this book discusses the risks and controls that you may encounter when performing an audit of information risk, together with suggested mitigation approaches based on those risks and controls. -- Edited summary from book. Risk management. http://id.loc.gov/authorities/subjects/sh85114200 Risk management Auditing. Gestion du risque. risk management. aat COMPUTERS General. bisacsh Risk management fast has work: Fundamentals of information risk management auditing (Text) https://id.oclc.org/worldcat/entity/E39PCG33djwBm4h8hyxrQBFqcP https://id.oclc.org/worldcat/ontology/hasWork Print version: 1849288151 9781849288156 (OCoLC)946161462 Fundamentals of educational planning. http://id.loc.gov/authorities/names/n42011867 FWS01 ZDB-4-EBA FWS_PDA_EBA https://search.ebscohost.com/login.aspx?direct=true&scope=site&db=nlebk&AN=1232539 Volltext
spellingShingle	Wright, Christopher (Accountant) Fundamentals of information risk management auditing : an introduction for managers and auditors / Fundamentals of educational planning. Cover; Title; Copyright; Contents; Part I: What is risk and why is it important?; Chapter 1: Risks and controls; Overview; What is risk?; Management of risk; Risk identification and awareness; Documenting risks; Assessing and monitoring risk; Categorisation; Likelihood; Impact; Risk heat maps; Controlling risk; Summary; Chapter 2: Enterprise risk management (ERM) frameworks; Overview; What is enterprise risk management?; Strategic enterprise wide management process; Identify potential risks; Significant impact; Manage them within the entity's risk appetite; Common ERM frameworks; COSO. The five componentsISO31000; Sarbanes-Oxley; Summary; Chapter 3: Risk management assurance and audit; Overview; Three lines of defence; First line of defence -- Business unit staff and management; Second line of defence -- Governance, risk and compliance; Third line of defence -- Independent assurance from audit and the Board; Segregation of duties between each line; Internal vs external audit; Other forms of IT assurance; Case study; Summary; Chapter 4: Information Risks and Frameworks; Overview; What is information risk?; COBIT 5; ISO frameworks; CRAMM; Summary and key take-aways. Part II: Introduction to General IT and Management RisksChapter 5: Overview of General IT and Management Risks; Overview; Reviewing entity level controls in an IT context; What are general IT controls?; Case studies and examples of general IT controls; Outsourced arrangements; End user computing; Bring your own devices (BYOD); Case studies and examples of outsourcing; Reviewing general IT controls; Summary; Chapter 6: Security and Data Privacy; Overview; Risks; Controls; Examples of IT security controls; ISO27001; Case study examples. Documenting, assessing and testing security and confidentiality controlsSummary; Chapter 7: System Development and Change Control; Introduction; Project lifecycle overview; Project lifecycle risks; Project lifecycle controls; Project lifecycle case study examples; Project lifecycle documenting, assessing and testing controls; Change management overview and risks; Change management controls; Change management case study examples; Documenting, assessing and testing controls; Summary; Chapter 8: Service Management and Disaster Planning; Introduction; Service management overview. Disaster planningCase study examples; Summary; Part III: Introduction to Application Controls; Chapter 9: Overview of Application Controls (Integrity); Introduction; Risks; Controls; Case study examples; Documenting, assessing and testing application controls; Summary; Further reading; Part IV: Life as an Information Risk Management Specialist; Chapter 10: Planning, Running and Reviewing Information Risk Management Assignments; Overview; Stages of a review; IRM assignment planning; Conducting an IRM review; Reviewing the audit review; Ensuring action after the review; Summary. Risk management. http://id.loc.gov/authorities/subjects/sh85114200 Risk management Auditing. Gestion du risque. risk management. aat COMPUTERS General. bisacsh Risk management fast
subject_GND	http://id.loc.gov/authorities/subjects/sh85114200
title	Fundamentals of information risk management auditing : an introduction for managers and auditors /
title_auth	Fundamentals of information risk management auditing : an introduction for managers and auditors /
title_exact_search	Fundamentals of information risk management auditing : an introduction for managers and auditors /
title_full	Fundamentals of information risk management auditing : an introduction for managers and auditors / Christopher Wright.
title_fullStr	Fundamentals of information risk management auditing : an introduction for managers and auditors / Christopher Wright.
title_full_unstemmed	Fundamentals of information risk management auditing : an introduction for managers and auditors / Christopher Wright.
title_short	Fundamentals of information risk management auditing :
title_sort	fundamentals of information risk management auditing an introduction for managers and auditors
title_sub	an introduction for managers and auditors /
topic	Risk management. http://id.loc.gov/authorities/subjects/sh85114200 Risk management Auditing. Gestion du risque. risk management. aat COMPUTERS General. bisacsh Risk management fast
topic_facet	Risk management. Risk management Auditing. Gestion du risque. risk management. COMPUTERS General. Risk management
url	https://search.ebscohost.com/login.aspx?direct=true&scope=site&db=nlebk&AN=1232539
work_keys_str_mv	AT wrightchristopher fundamentalsofinformationriskmanagementauditinganintroductionformanagersandauditors

Verfügbarkeit

Es ist kein Print-Exemplar vorhanden.

Volltext öffnen

MARC

Datensatz im Suchindex

Es ist kein Print-Exemplar vorhanden.

Ähnliche Einträge