What do you think?
Rate this book
Assuring Information Security
Information and associated technologies continue to advance toward diverse distributed configuration environments for entering, processing, storing, and retrieving data. The magnitude of changes occurring can be clearly seen in the explosion of linked IT infrastructures connected to cloud computing service providers and mobile computing devices. Consequently, the impact of such decentralization has increased the need for effective safeguarding of information assets.
Foundationally paraphrasing from Title 44, Chapter 35, Subchapter III, Section 3542(b)(1) of the United States Code; the term “information security” is defined as the protecting of information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction. Correspondingly, as suggested in Chapter 1 of IT Assuring Information Assets Protection, information security is typically a complex and dynamic safeguarding subject. Given the descriptive attributes normally associated with information security, IT auditors usually have a vast array of sub-topics to contemplate when performing information assets protection (IAP) related audits, reviews, or agreed-upon procedures.
“Assuring Information Security” was written with the intent to create quality quick reference material for assurance service practitioners to enable addressing protection mandates. Therefore, this pocket guide is appropriate for entity employees interested in ensuring, or verifying, the design and deployment of effective information security controls. As for content; Audit Managers, Chief Security Officers, Chief Compliance Officers, Chief Information Officers, Chief Information Security Officers, Auditors, Information Technology professionals, and Control Self-Assessment personnel will find this pocket guide an informative, and authoritative, information security document.
Foundationally paraphrasing from Title 44, Chapter 35, Subchapter III, Section 3542(b)(1) of the United States Code; the term “information security” is defined as the protecting of information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction. Correspondingly, as suggested in Chapter 1 of IT Assuring Information Assets Protection, information security is typically a complex and dynamic safeguarding subject. Given the descriptive attributes normally associated with information security, IT auditors usually have a vast array of sub-topics to contemplate when performing information assets protection (IAP) related audits, reviews, or agreed-upon procedures.
“Assuring Information Security” was written with the intent to create quality quick reference material for assurance service practitioners to enable addressing protection mandates. Therefore, this pocket guide is appropriate for entity employees interested in ensuring, or verifying, the design and deployment of effective information security controls. As for content; Audit Managers, Chief Security Officers, Chief Compliance Officers, Chief Information Officers, Chief Information Security Officers, Auditors, Information Technology professionals, and Control Self-Assessment personnel will find this pocket guide an informative, and authoritative, information security document.
ebook
First published June 18, 2012
1 person is currently reading
15 people want to read
About the author
Robert E. Davis
25 books11 followers Dr. Robert E. Davis obtained a Bachelor of Business Administration degree in Accounting and Business Law, a Master of Business Administration degree in Management Information Systems, and a Doctor of Business Administration degree in Information Systems Management from Temple, West Chester, and Walden University; respectively. In addition, during his twenty years of involvement in education, Dr. Davis acquired Postgraduate and Professional Technical licenses in Computer Science and Computer Systems Technology. Dr. Davis also obtained the Certified Information Systems Auditor (CISA) certificate -- after passing the 1988 Information Systems Audit and Control Association’s rigorous three hundred and fifty multiple-choice questions examination; and was conferred the Certified Internal Controls Auditor (CICA) certificate by the Institute for Internal Controls.
Since starting his career as an information systems (IS) auditor, Dr. Davis has provided data security consulting and IS auditing services to the United States Securities and Exchange Commission, United States Enrichment Corporation, Raytheon Company, United States Interstate Commerce Commission, Dow Jones & Company and Fidelity/First Fidelity (Wells Fargo) corporations as well as other organizations; in staff through management positions.
Prior to engaging in the practice of IS auditing and information security consulting; Dr. Davis (as a corporate employee) provided inventory as well as general accounting services to Philip Morris, USA and general accounting services to Philadelphia National Bank (Wells Fargo). Furthermore, he has prior experience as a freelance writer of IT audit and information security training material. Specifically, his published credits include:
•Assuring IT Legal Compliance
•Ensuring Information Assets Protection
•IT Auditing: An Adaptive Process
•IT Auditing: Assuring Information Assets Protection
•IT Auditing: Business Continuity and Disaster Recovery
•IT Auditing: Information Assets Protection
•IT Auditing: Information Security Governance
•IT Auditing: Irregular and Illegal Acts
•IT Auditing: IT Governance
•IT Auditing: IT Service Delivery and Support
•IT Auditing: Systems and Infrastructure Life Cycle Management
•IT Auditing: The Process
Dr. Davis has authored articles addressing IT issues for The Institute of Internal Auditors, IT Governance LTD and ISACA as well as furnished Internet content to Techtarget.com, Toolbox.com and Suite101.com. Additionally, his editorial experience includes reviewing Carnegie Mellon University's technical report "Comparing eSCM-SP v2 and COBIT" and five chapters of Bloomsbury's "Effective Auditing for Corporates".
In regards to training individuals in the information systems audit process, he has provided instruction to the Data Processing Management Association, ISACA-Philadelphia Chapter CISA Review Course participants, 3rd Annual Securasia Congress delegates and an Internet CISA study group.
Based on his accomplishments, Dr. Davis has been featured in Temple University's Fox School of Business and Management Alumni Newsletter as well as The Institute for Internal Controls e-newsletter. Furthermore, he has achieved recognition as the (First and Inaugural) Temple University CISA in Residence and a Temple University Master of Science in IT Auditing and Cyber-Security Advisory Councilmen. Lastly, he has accepted invitations to join Delta Mu Delta International Honor Society, the Golden Key International Honour So
Since starting his career as an information systems (IS) auditor, Dr. Davis has provided data security consulting and IS auditing services to the United States Securities and Exchange Commission, United States Enrichment Corporation, Raytheon Company, United States Interstate Commerce Commission, Dow Jones & Company and Fidelity/First Fidelity (Wells Fargo) corporations as well as other organizations; in staff through management positions.
Prior to engaging in the practice of IS auditing and information security consulting; Dr. Davis (as a corporate employee) provided inventory as well as general accounting services to Philip Morris, USA and general accounting services to Philadelphia National Bank (Wells Fargo). Furthermore, he has prior experience as a freelance writer of IT audit and information security training material. Specifically, his published credits include:
•Assuring IT Legal Compliance
•Ensuring Information Assets Protection
•IT Auditing: An Adaptive Process
•IT Auditing: Assuring Information Assets Protection
•IT Auditing: Business Continuity and Disaster Recovery
•IT Auditing: Information Assets Protection
•IT Auditing: Information Security Governance
•IT Auditing: Irregular and Illegal Acts
•IT Auditing: IT Governance
•IT Auditing: IT Service Delivery and Support
•IT Auditing: Systems and Infrastructure Life Cycle Management
•IT Auditing: The Process
Dr. Davis has authored articles addressing IT issues for The Institute of Internal Auditors, IT Governance LTD and ISACA as well as furnished Internet content to Techtarget.com, Toolbox.com and Suite101.com. Additionally, his editorial experience includes reviewing Carnegie Mellon University's technical report "Comparing eSCM-SP v2 and COBIT" and five chapters of Bloomsbury's "Effective Auditing for Corporates".
In regards to training individuals in the information systems audit process, he has provided instruction to the Data Processing Management Association, ISACA-Philadelphia Chapter CISA Review Course participants, 3rd Annual Securasia Congress delegates and an Internet CISA study group.
Based on his accomplishments, Dr. Davis has been featured in Temple University's Fox School of Business and Management Alumni Newsletter as well as The Institute for Internal Controls e-newsletter. Furthermore, he has achieved recognition as the (First and Inaugural) Temple University CISA in Residence and a Temple University Master of Science in IT Auditing and Cyber-Security Advisory Councilmen. Lastly, he has accepted invitations to join Delta Mu Delta International Honor Society, the Golden Key International Honour So
Ratings & Reviews
Friends & Following
Create a free account to discover what your friends think of this book!
Community Reviews
No one has reviewed this book yet.