Bøger i Internal Audit and IT Audit serien

This book explores a broad cross section of research and actual case studies to draw out new insights that may be used to build a benchmark for IT security professionals. This research takes a deeper dive beneath the surface of the analysis to uncover novel ways to mitigate data security vulnerabilities, connect the dots and identify patterns in the data on breaches. This analysis will assist security professionals not only in benchmarking their risk management programs but also in identifying forward looking security measures to narrow the path of future vulnerabilities.

This book addresses the practice of internal auditing using GAAS (Generally Accepted Auditing Standards), GAGAS (Generally Accepted Government Auditing Standards) and International Standards for the Professional Practice of Internal Auditing (Standards) as enunciated by the IIA.

This book presents ideas and concepts of optimization designed to improve an organization¿s business processes and assist business units in meeting organizational goals more effectively. Rather than focus on specific technologies, computing environments, enterprise risks, resource programs, or infrastructure, the book focuses on organizational processes. Throughout the book, the author presents concerns and environments encountered throughout his career to demonstrate issues and explain how he successfully implemented the tools presented in the book.

This book illustrates the importance of business impact analysis, which covers risk assessment, and moves towards better understanding of the business environment, industry specific compliance, legal and regulatory landscape and the need for business continuity.

Blockchain for Cybersecurity and Privacy: Architectures, Challenges, and Applications is an invaluable resource to discover the Blockchain applications for cybersecurity and privacy. The purpose of this book is to improve the awareness of readers about Blockchain technology applications for cybersecurity and privacy.

Blockchain for Cybersecurity and Privacy: Architectures, Challenges, and Applications is an invaluable resource to discover the Blockchain applications for cybersecurity and privacy. The purpose of this book is to improve the awareness of readers about Blockchain technology applications for cybersecurity and privacy.

This book provides practitioners with strategies and tools for establishing and maintaining a successful, value-centric internal audit organization.

This book introduces, defines, and discusses two core factors of IoT Systems implementation success: Return On Investment (ROI) and impacts to a city's cyber risk profile. It combines practical action items for practitioners as well as a basis for language and communication for ongoing strategy, planning, and operational needs.

An information security operations involves monitoring, assessing, and defending enterprise information systems. For organizations without a formalized incident-handling capability, the creation from scratch of a security operations center that enables centralized visibility, alerting and investigation can be a daunting task. But fortunately organizations don¿t need a room full of security experts and an investment of millions of dollars in security systems to make progress here. This book explains how to develop an effective security operations center (SOC) and provides a roadmap for continuously evolving this capability to keep pace with the tactics of the adversaries.

This book presents a standard methodology approach to cyber-resilience. Readers will learn how to design a cyber-resilient architecture for a given organization as well as how to maintain a state of cyber-resilience in its day-to-day operation.

This book consists of 100 topics, concepts, tips, tools and techniques that relate to how internal auditors interact with internal constitutencies and addresses a variety of technical and non-technical subjects.

This book helps auditors understand the reality of performing the internal audit role and the importance of properly managing ethical standards. It provides many examples of ethical conflicts and proposes alternative actions for the internal auditor. Internal auditors are well-schooled on the IIA Standards, but the reality is that the pressure placed on internal auditors related to execution of work and upholding ethical standards can be very difficult. Regardless of best practice or theory, auditors must be personally prepared to manage through issues they run across.

Risk-based operational audits and performance audits require a broad array of competencies

This book compares and contrasts the approach to project management using ISO 21500 against the more direct ISO 33000 Capability Assessment. It shows how to assess projects adequately for process improvement or how well an organization performs against a standard, measurable framework.

A Guide to the National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework (2.0) presents a comprehensive discussion of the NICE framework, the National Institute of Standards and Technology (NIST), and the Department of Homeland Security (DHS). It discusses in detail the relationship between the NICE framework and the NIST¿s cybersecurity framework (CSF), showing how the NICE model specifies what the particular specialty area of the workforce should be doing in order to ensure that the CSF¿s identification, protection, defense, response, or recovery functions are being carried out properly.

This book illustrates the importance of business impact analysis, which covers risk assessment, and moves towards better understanding of the business environment, industry specific compliance, legal and regulatory landscape and the need for business continuity.

The book provides the complete strategic understanding requisite to allow a person to create and use the RMF process recommendations for risk management. This will be the case both for applications of the RMF in corporate training situations, as well as for any individual who wants to obtain specialized knowledge in organizational risk management. It is an all-purpose roadmap of sorts aimed at the practical understanding and implementation of the risk management process as a standard entity. It will enable an "application" of the risk management process as well as the fundamental elements of control formulation within an applied context.

This book addresses the practice of internal auditing using GAAS (Generally Accepted Auditing Standards), GAGAS (Generally Accepted Government Auditing Standards) and International Standards for the Professional Practice of Internal Auditing (Standards) as enunciated by the IIA.

Most organizations have been caught off-guard with the proliferation of smart devices. The IT organization was comfortable supporting the Blackberry due to its ease of implementation and maintenance. But the use of Android and iOS smart devices have created a maintenance nightmare not only for the IT organization but for the IT auditors as well. This book will serve as a guide to IT and Audit professionals on how to manage, secure and audit smart device. It provides guidance on the handling of corporate devices and the Bring Your Own Devices (BYOD) smart devices.

There are many webinars and training courses on Data Analytics for Internal Auditors, but no handbook written from the practitionerΓÇÖs viewpoint covering not only the need and the theory, but a practical hands-on approach to conducting Data Analytics. The spread of IT systems makes it necessary that auditors as well as management have the ability to examine high volumes of data and transactions to determine patterns and trends. The increasing need to continuously monitor and audit IT systems has created an imperative for the effective use of appropriate data mining tools. This book takes an auditor from a zero base to an ability to professionally analyze corporate data seeking anomalies.

This book explores a broad cross section of research and actual case studies to draw out new insights that may be used to build a benchmark for IT security professionals. This research takes a deeper dive beneath the surface of the analysis to uncover novel ways to mitigate data security vulnerabilities, connect the dots and identify patterns in the data on breaches. This analysis will assist security professionals not only in benchmarking their risk management programs but also in identifying forward looking security measures to narrow the path of future vulnerabilities.

Past events have shed light on the vulnerability of mission-critical computer systems at highly sensitive levels. It has been demonstrated that common hackers can use tools and techniques downloaded from the Internet to attack government and commercial information systems. Although threats may come from mischief makers and pranksters, they are more likely to result from hackers working in concert for profit, hackers working under the protection of nation states, or malicious insiders. Securing an IT Organization through Governance, Risk Management, and Audit introduces two internationally recognized bodies of knowledge: Control Objectives for Information and Related Technology (COBIT 5) from a cybersecurity perspective and the NIST Framework for Improving Critical Infrastructure Cybersecurity (CSF). Emphasizing the processes directly related to governance, risk management, and audit, the book provides details of a cybersecurity framework (CSF), mapping each of the CSF steps and activities to the methods defined in COBIT 5. This method leverages operational risk understanding in a business context, allowing the information and communications technology (ICT) organization to convert high-level enterprise goals into manageable, specific goals rather than unintegrated checklist models. The real value of this methodology is to reduce the knowledge fog that frequently engulfs senior business management, and results in the false conclusion that overseeing security controls for information systems is not a leadership role or responsibility but a technical management task. By carefully reading, implementing, and practicing the techniques and methodologies outlined in this book, you can successfully implement a plan that increases security and lowers risk for you and your organization.

This book helps auditors understand the reality of performing the internal audit role and the importance of properly managing ethical standards. It provides many examples of ethical conflicts and proposes alternative actions for the internal auditor. Internal auditors are well-schooled on the IIA Standards, but the reality is that the pressure placed on internal auditors related to execution of work and upholding ethical standards can be very difficult. Regardless of best practice or theory, auditors must be personally prepared to manage through issues they run across.

Mastering the Five Tiers of Audit Competency is an anthology of powerful risk-based auditing practices. Filled with practical do and don¿t techniques, it encompasses the interpersonal aspects of risk-based auditing, not just the technical content. This book focuses on the behaviors you need to demonstrate and the habitual actions you need to take at each phase in an audit to manage relationships as well as the work itself. The book leverages The Whole Person Project, Inc.¿s 30 years¿ experience in hands-on organizational development consulting and custom designing internal audit training programs.