Identifying security gaps in an organisation's information systems is a first and vital step in protecting data and information. This is what makes the role of an information security (or assurance) auditor so important. However, this is a role that is often maligned as a ‘check list monkey’ who adds nothing to the business. This practical book confronts this stereotype and gives an excellent introduction to the role, covering areas such as purpose, required skills, responsibilities, interface and career progression as well as tools, standards and frameworks related to the role. Based on the author's extensive experience, it gives practical guidance to those new to the role or interested in developing a better understanding of what it entails.
Wendy Goucher is a senior security consultant. Most of her work is focused on working with organisations to devise policy and procedures that are both compliant with external rules and operationally effective. This can be an interesting balancing act for which her first degree in psychology is useful.
'A refreshingly good book - easy to read with excellent guidance for both budding auditors and auditees. Wendy’s outline of a model Information Security Auditor outlines both the technical and personal skills required to succeed and it is her attention to the personal skill sets that is unique in this book.'
Vernon Poole, CISM, CGEIT & CRISC - Head of Business Consultancy, Sapphire
''I believe that the book could be a useful little primer for a very important position within the IT Security field.''
Anthony Sutcliffe, PG Dip CCI, MBCS
2. Overview of the field
3. The Role of Information Assurance Auditor
4 Building a Model Information Assurance Auditor
5. Interface and dependencies
6. Tools, methods and techniques
7. Career progression and related roles
8. Case study ‘A day in the life of an auditor’
9. And so