Sale!

Auditing Information and Cyber Security Governance A Controls Based Approach 1st edition by Robert Davis 1000416127 9781000416121

Name: Auditing Information and Cyber Security Governance A Controls Based Approach 1st edition by Robert Davis 1000416127 9781000416121
SKU: EB-20148
Availability: InStock

Original price was: $50.00.Current price is: $35.00.

Authors:Robert E. Davis , Series:Cyber Security [366] , Tags:Security Governance; Organizational Employees; External Organizational Actors; Cyber Security Governance Audit , Author sort:Davis, Robert E. , Ids:DOI , Languages:Languages:eng , Published:Published:Mar 2021 , Publisher:CRC Press , Comments:Comments:A comprehensive entity security program deploys information asset protection through stratified technological and non-technological controls. Controls are necessary for counteracting threats, opportunities, and vulnerabilities risks in a manner that reduces potential adverse effects to defined, acceptable levels. This book presents a methodological approach in the context of normative decision theory constructs and concepts with appropriate reference to standards and the respective guidelines. Normative decision theory attempts to establish a rational framework for choosing between alternative courses of action when the outcomes resulting from the selection are uncertain. Through the methodological application, decision theory techniques can provide objectives determination, interaction assessments, performance estimates, and organizational analysis. A normative model prescribes what should exist according to an assumption or rule.

SKU: EB-20148 Category: eBook PDF Tags: Auditing Information, Controls Based Approach, Cyber Security, Governance, Robert Davis

Description

Auditing Information and Cyber Security Governance; A Controls-Based Approach 1st edition by Robert E. Davis 1000416127 9781000416121 – Ebook PDF Instant Download/DeliveryISBN:

Full download Auditing Information and Cyber Security Governance; A Controls-Based Approach 1st edition after payment.

Product details:

ISBN-10 : 1000416127

ISBN-13 : 9781000416121

Author : Robert Davis

“A much-needed service for society today. I hope this book reaches information managers in the organization now vulnerable to hacks that are stealing corporate information and even holding it hostage for ransom.” – Ronald W. Hull, author, poet, and former professor and university administrator A comprehensive entity security program deploys information asset protection through stratified technological and non-technological controls. Controls are necessary for counteracting threats, opportunities, and vulnerabilities risks in a manner that reduces potential adverse effects to defined, acceptable levels. This book presents a methodological approach in the context of normative decision theory constructs and concepts with appropriate reference to standards and the respective guidelines. Normative decision theory attempts to establish a rational framework for choosing between alternative courses of action when the outcomes resulting from the selection are uncertain. Through the methodological application, decision theory techniques can provide objectives determination, interaction assessments, performance estimates, and organizational analysis. A normative model prescribes what should exist according to an assumption or rule.

Auditing Information and Cyber Security Governance; A Controls-Based Approach 1st Table of contents:

1 Security Governance
Abstract
Introduction
Governance Perspectives
Rational Management
Applied Technology
Security Program Evolution
Information Security Infrastructure Management
Information Security Service Management
Information Security Governance
Framing Governance
Tier One Governance
Tier Two Governance
Tier Three Governance
Security Governance Fusion
Cyber Security Service Delivery for IT
Cyber Security Service Support for IT
Security Governance Insights
Formal Authority
Interpersonal Roles
Informational Roles
Decisional Roles
References
Recommended Reading
2 Security Governance Environment
Abstract
Introduction
Entity-Centric Considerations
Entity Control Environment
Domain Convergence Effects
Entity Risk Determinants
Legal Issues
Managerial Practices
Control Inscriptions
Technology Deployments
References
Recommended Reading
3 Security Governance Management
Abstract
Introduction
Planning
Security Risk Assessment
Control Objective Selection
Control Goal Selection
Organizing
Orchestrating
Directing
Controlling
References
Recommended Reading
Appendix: Information Protection Classifications with Criteria and Definitions
4 Security Governance Processes
Abstract
Introduction
Framing Information Security Governance
Tier Four Strategic Alignment
Tier Four Value Delivery
Tier Four Risk Management
Tier Four Resource Management
Tier Four Performance Measurement
References
Recommended Reading
Appendix: Control Evaluation Worksheets
5 Organizational Employees
Abstract
Introduction
Responsibility Delegation
Access Controls
Power Granting
Workplace Irregularities and Illegal Acts
IT Incident Response Team
Education, Training, and Awareness
IT Audit Team
Planning Activities
Study and Evaluation Activities
Testing Activities
Reporting Activities
Follow-Up Activities
References
Recommended Reading
6 External Organizational Actors
Abstract
Introduction
Supply Chain Partners
Information Sharing
Knowledge Sharing
Supply Chain Logistics
Managed Service Providers
Service Provider Audit
IT Audit Planning
IT Audit Study and Evaluation of Controls
IT Audit Testing of Controls
IT Audit Report on Controls
IT Audit Follow-Up
References
Recommended Reading
7 Information Security Governance Audit
Abstract
Introduction
ISG Audit Planning Process
Control Assessment
Audit Risk Assessment
ISG Audit Study and Evaluation of Controls
Information Security Strategic Alignment
Information Security Value Delivery
Information Security Risk Management
Information Security Resource Management
Information Security Performance Management and Measurement
Other Auditable Information Security Units
ISG Audit Testing and Evaluation of Controls
Information Security Compliance Testing
Information Security Substantive Testing
Information Security Evidence Assessment
ISG Audit Control Reporting
Unqualified Opinion
Qualified Opinion
Adverse Opinion
Disclaimer Opinion
Degree of Correspondence
Engagement Report Structuring
ISG Audit Follow-Up
ISG Audit Follow-Up Responsibilities
General ISG Audit Follow-Up Activities
References
Recommended Reading
Appendix A: Control Environment Characteristics – Internal Policies Matrix
Appendix B: Entity Culture – Audit Area Personnel Matrix
Appendix C: ISG Audit Risk Assessment Template
Appendix D: Testing Methodology Options Table
Appendix E: Sampling Selection Options Table
8 Cyber Security Governance Audit
Abstract
Introduction
CSG Audit Planning Process
Control Assessment
Audit Risk Assessment
CSG Audit Study and Evaluation of Controls
Cybersecurity Access Management
Cybersecurity Network Infrastructure
Cybersecurity Risk Analysis
Cybersecurity Environmental Controls
Cybersecurity Confidential Information Assets
CSG Audit Testing and Evaluation of Controls
Cybersecurity Compliance Testing
Cybersecurity Substantive Testing
Cybersecurity Evidence Assessment
CSG Audit Control Reporting
Unqualified Opinion
Qualified Opinion
Adverse Opinion
Disclaimer Opinion
Degree of Correspondence
Engagement Report Structuring
CSG Audit Follow-Up
CSG Audit Follow-Up Responsibilities
General CSG Audit Follow-Up Activities

People also search for Auditing Information and Cyber Security Governance; A Controls-Based Approach 1st:

cyber auditing

what is auditing in cyber security

information security auditing

cyber security governance audit

auditing cybersecurity