
LEADER 00000cam  2200493Ii 4500 
001    ocn949908718 
003    OCoLC 
005    20171030052937.9 
006    m     o  d         
007    cr unu|||||||| 
008    160518s2016    enka    ob    000 0 eng d 
019    949326960|a949883744|a966385728 
020    9781849288163|q(electronic bk.) 
020    184928816X|q(electronic bk.) 
035    (OCoLC)949908718|z(OCoLC)949326960|z(OCoLC)949883744
       |z(OCoLC)966385728 
040    UMI|beng|erda|epn|cUMI|dYDXCP|dJSTOR|dEBLCP|dN$T|dTEFOD
       |dCOO|dIDB|dK6U|dOTZ|dLIV|dMERUC|dOCLCQ 
049    GTKE 
050  4 HD61 
082 04 658.155|223 
100 1  Wright, Christopher|c(Accountant),|eauthor. 
245 10 Fundamentals of information risk management auditing :|ban
       introduction for managers and auditors /|cChristopher 
       Wright. 
264  1 Ely, Cambridgeshire, United Kingdom :|bIT Governance 
       Publishing,|c2016. 
300    1 online resource (1 volume) :|billustrations. 
336    text|btxt|2rdacontent 
337    computer|bc|2rdamedia 
338    online resource|bcr|2rdacarrier 
490 1  Fundamentals ;|vv. 6 
504    Includes bibliographical references. 
505 0  Cover; Title; Copyright; Contents; Part I: What is risk 
       and why is it important?; Chapter 1: Risks and controls; 
       Overview; What is risk?; Management of risk; Risk 
       identification and awareness; Documenting risks; Assessing
       and monitoring risk; Categorisation; Likelihood; Impact; 
       Risk heat maps; Controlling risk; Summary; Chapter 2: 
       Enterprise risk management (ERM) frameworks; Overview; 
       What is enterprise risk management?; Strategic enterprise 
       wide management process; Identify potential risks; 
       Significant impact; Manage them within the entity's risk 
       appetite; Common ERM frameworks; COSO. 
505 8  The five components; ISO31000; Sarbanes-Oxley; Summary; 
       Chapter 3: Risk management assurance and audit; Overview; 
       Three lines of defence; First line of defence -- Business 
       unit staff and management; Second line of defence -- 
       Governance, risk and compliance; Third line of defence -- 
       Independent assurance from audit and the Board; 
       Segregation of duties between each line; Internal vs 
       external audit; Other forms of IT assurance; Case study; 
       Summary; Chapter 4: Information Risks and Frameworks; 
       Overview; What is information risk?; COBIT 5; ISO 
       frameworks; CRAMM; Summary and key take-aways. 
505 8  Part II: Introduction to General IT and Management 
       Risks; Chapter 5: Overview of General IT and Management 
       Risks; Overview; Reviewing entity level controls in an IT 
       context; What are general IT controls?; Case studies and 
       examples of general IT controls; Outsourced arrangements; 
       End user computing; Bring your own devices (BYOD); Case 
       studies and examples of outsourcing; Reviewing general IT 
       controls; Summary; Chapter 6: Security and Data Privacy; 
       Overview; Risks; Controls; Examples of IT security 
       controls; ISO27001; Case study examples. 
505 8  Documenting, assessing and testing security and 
       confidentiality controls; Summary; Chapter 7: System 
       Development and Change Control; Introduction; Project 
       lifecycle overview; Project lifecycle risks; Project 
       lifecycle controls; Project lifecycle case study examples;
       Project lifecycle documenting, assessing and testing 
       controls; Change management overview and risks; Change 
       management controls; Change management case study 
       examples; Documenting, assessing and testing controls; 
       Summary; Chapter 8: Service Management and Disaster 
       Planning; Introduction; Service management overview. 
505 8  Disaster planning; Case study examples; Summary; Part III: 
       Introduction to Application Controls; Chapter 9: Overview 
       of Application Controls (Integrity); Introduction; Risks; 
       Controls; Case study examples; Documenting, assessing and 
       testing application controls; Summary; Further reading; 
       Part IV: Life as an Information Risk Management 
       Specialist; Chapter 10: Planning, Running and Reviewing 
       Information Risk Management Assignments; Overview; Stages 
       of a review; IRM assignment planning; Conducting an IRM 
       review; Reviewing the audit review; Ensuring action after 
       the review; Summary. 
520    Providing insight into information risk management 
       auditing for those considering a career in information 
       risk management, and an introduction for non-specialists, 
       such as those managing technical specialists, this book 
       discusses the risks and controls that you may encounter 
       when performing an audit of information risk, together 
       with suggested mitigation approaches based on those risks 
       and controls. --|cEdited summary from book. 
588 0  Online resource; title from title page (Safari, viewed May
       18, 2016). 
650  0 Risk management. 
650  0 Risk management|xAuditing. 
650  7 COMPUTERS|xGeneral.|2bisacsh 
776 08 |iPrint version:|z1849288151|z9781849288156
       |w(OCoLC)946161462 
830  0 Fundamentals of educational planning. 
914    ocn949908718 
994    92|bGTK 
Location Call No. Status
 Rocky Hill - Downloadable Materials  EBSCO Ebook    Downloadable