IT Governance, Risk, and Compliance

Sep 27 2011   8:19PM GMT

Auditing Information Security Governance – Part II

Posted by: Robert Davis
Certified Information Systems Auditor
Certified Information Technology Professional
Certified Internal Auditor
Certified Internal Controls Auditor
Certified Public Accountant
External Audit
Information Security Governance
Internal Audit
IT Audit

Management is responsible for developing and deploying good security governance, which is typically defined to include resilient protection of the IT infrastructure and the related information systems that support critical functions and business processes. Among the responsibilities assigned within the information security program, requirements should exist to provide risk assessment and risk mitigation strategies for program management and control, as well as sub-divisional risk assessments for system security. To facilitate the risk assessment process, guidance should be provided through adopted best practices. At a minimum, the publications used should document the minimum baseline security requirements for the entity being audited or reviewed.

View Part I of the Auditing Information Security Governance series here
