IT Governance, Risk, and Compliance

Sep 30 2011   8:54PM GMT

Auditing Information Security Governance – Part III

Robert Davis

Reflective of ISACA standards and guidelines, the IT audit process should be replicated within for-profit and not-for-profit entities. Foundational assurance topics that should be considered from a management perspective are presented in the Information Technology Governance Institute’s monograph Information Security Governance: Guidance for Boards of Directors and Executive Management. However, an audit committee’s perceived mandate and mission may affect how the approach to the Information Security Governance (ISG) audit or review varies. Furthermore, the ISG audit or review approach may diverge according to the ambit and the resources applied. Lastly, ISG audit or review evaluation criteria may also fluctuate with the audit objectives. For example, the ISG audit assessment paradigm may be based on performance and/or compliance expectations.

View Part I of the Auditing Information Security Governance series here
