Fundamentals of Information Risk Management Auditing by Wright Chris
Author:Wright, Chris
Language: eng
Format: epub
ISBN: 9781849288187
Publisher: IT Governance Publishing
Published: 2016-04-18T16:00:00+00:00
CHAPTER 6: SECURITY AND DATA PRIVACY
Overview
There is increasing awareness in the media and elsewhere of cyber terrorism and cyber crime. These are very real risks. Less publicised are the internal risks of data loss – through deliberate action or simple carelessness/lack of understanding of the risks. I like ISACA’s definition of information security. It defines information security as something that:
“Ensures that within the enterprise, information is protected against disclosure to unauthorised users (confidentiality), improper modification (integrity) and non-access when required (availability).”
This definition clearly makes it the responsibility of the organisation to protect its information, in the same way as it would any other asset and clearly defines loss in this context.
The area of IT/information security is one where much has been written and it is not my intention to give a full or technically detailed account. What I can do is to give you the basics so that you can conduct an audit or review. For example, you may need to know the distinction between information security and IT security, as these two terms are often confused. Information security looks at all information whether processed manually or on IT systems, whilst IT security addresses the specific technology controls required to support information security.
Many IRM specialists specialise in this single field – why? Because it represents the main area people think of in information risk. There are so many media articles about hacking cases, threats from governments or terrorist organisations, etc. There are also data privacy regulations to consider and initiatives, such as cyber security. The IRM audit specialist needs a basic understanding of the concepts of IT and information security and often sits as an interpreter or go between, bringing the deeper security specialists together with the rest of the business. Whilst the technical aspects can be very involved, IT security is not just about ticking checklists – it’s about changing behaviours and culture so that users are aware of the potential for phishing/social engineering and the need to act as the first line of defence against potential threats and vulnerabilities.
Like all areas of information risk, it should start with a consideration of risks and controls and then develop into how we approach our audit.
Download
This site does not store any files on its server. We only index and link to content provided by other sites. Please contact the content providers to delete copyright contents if any and email us, we'll remove relevant links or contents immediately.
Personalized inhaled bacteriophage therapy for treatment of multidrug-resistant Pseudomonas aeruginosa in cystic fibrosis by unknow(179400)
CONSORT 2025 statement: updated guideline for reporting randomized trials by unknow(87930)
Critical evaluation of the ProfiLER-02 study design and outcomes by Vivek Subbiah & Razelle Kurzrock(87489)
Cardiac gene therapy makes a comeback by Oliver J. Müller & Susanne Hille & Anca Kliesow Remes(87284)
Whisky: Malt Whiskies of Scotland (Collins Little Books) by dominic roskrow(74447)
Unveiling the design rules for tunable emission in graphene quantum dots: A high-throughput TDDFT and machine learning perspective by Şener Özönder & Mustafa Coşkun Özdemir & Caner Ünlü(50900)
A yeast-based oral therapeutic delivers immune checkpoint inhibitors to reduce intestinal tumor burden by unknow(40267)
Covalent hitchhikers guide proteins to the nucleus by Alexander F. Russell & Madeline F. Currie & Champak Chatterjee(40218)
Meet the Authors: Christopher R. Mansfield and Emily R. Derbyshire by Christopher R. Mansfield & Emily R. Derbyshire(40100)
Alkaline-earth metals promote propane dehydrogenation with carbon dioxide through geometric effects: Altering the reaction pathway by unknow(32738)
Induced iron vacancies boosting FeOOH loaded on sustainable Fenton-like collagen fiber membrane for efficient removal of emerging contaminants by unknow(32514)
Efficient electric-field-assisted photochemical conversion of methane to n-propanol exclusively over penetrated TiO2Ti hollow fibers by Guanghui Feng(32458)
Bi2SiO5 nanosheets as piezo-photocatalyst for efficient degradation of 2,4-Dichlorophenol by Hangyu Shi & Yifu Li & Lishan Zhang & Guoguan Liu & Qian Zhang & Xuan Ru & Shan Zhong(32395)
A novel NDIPTA organic heterojunction photocatalyst with built-in electric field for efficient hydrogen production by Jiahui Yang & Baojun Ma & Yongfa Zhu(32368)
Enhanced conversion of methane to liquid-phase oxygenates via hollow ferrite nanotube@horseradish peroxidase based photoenzymatic catalysis by Jun Duan & Shiying Fan & Xinyong Li & Shaomin Liu(32334)
Ordered macroporous superstructure of defective carbon adorned with tiny cobalt sulfide for selective electrocatalytic hydrogenation of cinnamaldehyde by Xiao-Shi Yuan & Sheng-Hua Zhou & San-Mei Wang & Wenbo Wei & Xiaofang Li & Xin-Tao Wu & Qi-Long Zhu(32261)
What's Done in Darkness by Kayla Perrin(27155)
Topological analysis of non-conjugated ethylene oxide cored dendrimers decorated with tetraphenylethylene: Insights from degree-based descriptors using the polynomial approach by A Theertha Nair & D Antony Xavier & Annmaria Baby & S Akhila(26536)
Investigation of mechanical and self-healing properties of hydroxyl-terminated polybutadiene functionalized with 2-ureido-4-pyrimidinone by Mohsen Kazazi & Mehran Hayaty & Ali Mousaviazar(26463)
