Online Store | Product Details
 
All prices are listed in US Dollars

 
*WEB DOWNLOAD* Audit/Assurance Program: Information Security Management
by ISACA
 
 
Format:Document Download
Number of pages:38 pages
Date published:2010
Product Code:WAPISM
 
Member price:
$0.00
Non-member price: $45.00
Your price: $45.00
 Product In Stock
 
 


DESCRIPTION

ISACA members Complimentary Download

In addition to being available to ISACA members as a complimentary download nonmembers of ISACA can purchase this Word file for immediate download after your online credit card payment is complete.

The audit/assurance program is a tool and template to be used as a road map for the completion of a specific assurance process. ISACA has commissioned audit/assurance programs to be developed for use by IT audit and assurance professionals with the requisite knowledge of the subject matter under review, as described in ITAF section 2200 - General Standards. The audit/assurance programs are part of ITAF section 4000 - IT Assurance Tools and Techniques.

Objective - The information security management audit/assurance review will:

  • Provide management with an assessment of the effectiveness of the information security management function
  • Evaluate the scope of the information security management organization and determine whether essential security functions are being addresses effectively
  • It is not designed to replace or focus on audits that provide assurance of specific configurations or operational processes.

    Scope - The review will focus on:

  • Information Security Management - Processes associated with governance, policy, monitoring, incident management and management of the information security function
  • Information Security Operations Management - Processes associated with the implementation of security configurations
  • Information Security Technology Management - Processes associated with the selection and maintenance of security technologies
  • To ensure a comprehensive audit of information security management, it is recommended that the following audit/assurance reviews be performed prior to the execution of the information security management review and that appropriate reliance be placed on these assessments:

  • Identity management
  • Security incident management
  • Network perimeter security
  • Systems development
  • Project management
  • IT risk management
  • Data management
  • Vulnerability management
  • IT audit and assurance professionals are expected to customize this document to the environment in which they are performing an assurance process. This document is to be used as a review tool and starting point. It may be modified by the IT audit and assurance professional; it is not intended to be a checklist or questionnaire. It is assumed that the IT audit and assurance professional holds the Certified Information Systems Auditor (CISA) designation, or has the necessary subject matter expertise required to conduct the work and is supervised by a professional with the CISA designation and/or necessary subject matter expertise to adequately review the work performed.

    TOPIC
    >Published by ISACA,ITAF,COBIT 4.1,Information Security Governance



    All prices are listed in US Dollars