Books in the Internal Audit and IT Audit series

Past events have shed light on the vulnerability of mission-critical computer systems at highly sensitive levels. It has been demonstrated that common hackers can use tools and techniques downloaded from the Internet to attack government and commercial information systems. Although threats may come from mischief makers and pranksters, they are more likely to result from hackers working in concert for profit, hackers working under the protection of nation states, or malicious insiders. Securing an IT Organization through Governance, Risk Management, and Audit introduces two internationally recognized bodies of knowledge: Control Objectives for Information and Related Technology (COBIT 5) from a cybersecurity perspective and the NIST Framework for Improving Critical Infrastructure Cybersecurity (CSF). Emphasizing the processes directly related to governance, risk management, and audit, the book provides details of a cybersecurity framework (CSF), mapping each of the CSF steps and activities to the methods defined in COBIT 5. This method leverages operational risk understanding in a business context, allowing the information and communications technology (ICT) organization to convert high-level enterprise goals into manageable, specific goals rather than unintegrated checklist models. The real value of this methodology is to reduce the knowledge fog that frequently engulfs senior business management, and results in the false conclusion that overseeing security controls for information systems is not a leadership role or responsibility but a technical management task. By carefully reading, implementing, and practicing the techniques and methodologies outlined in this book, you can successfully implement a plan that increases security and lowers risk for you and your organization.

This book explores a broad cross section of research and actual case studies to draw out new insights that may be used to build a benchmark for IT security professionals. This research takes a deeper dive beneath the surface of the analysis to uncover novel ways to mitigate data security vulnerabilities, connect the dots and identify patterns in the data on breaches. This analysis will assist security professionals not only in benchmarking their risk management programs but also in identifying forward looking security measures to narrow the path of future vulnerabilities.

The book provides the complete strategic understanding requisite to allow a person to create and use the RMF process recommendations for risk management. This will be the case both for applications of the RMF in corporate training situations, as well as for any individual who wants to obtain specialized knowledge in organizational risk management. It is an all-purpose roadmap of sorts aimed at the practical understanding and implementation of the risk management process as a standard entity. It will enable an "application" of the risk management process as well as the fundamental elements of control formulation within an applied context.

Risk-based operational audits and performance audits require a broad array of competencies

Blockchain for Cybersecurity and Privacy: Architectures, Challenges, and Applications is an invaluable resource to discover the Blockchain applications for cybersecurity and privacy. The purpose of this book is to improve the awareness of readers about Blockchain technology applications for cybersecurity and privacy.

Blockchain for Cybersecurity and Privacy: Architectures, Challenges, and Applications is an invaluable resource to discover the Blockchain applications for cybersecurity and privacy. The purpose of this book is to improve the awareness of readers about Blockchain technology applications for cybersecurity and privacy.

While the Institute of Internal Auditors (IIA) has provided standards and guidelines for the practice of internal audit through the International Professional Practice Framework (IPPF), internal auditors and Chief Audit Executives (CAEs) continue to experience difficulties when attempting to balance the requirements of the IPPF with management expectations. The true challenge for any internal auditor is to appropriately apply the Standards while exerting adequate independence and objectivity in the face of management pressure. In Leading the Internal Audit Function, Lynn Fountain presents lessons learned from her extensive experience as an internal auditor, internal audit manager, and CAE to help internal auditors understand the challenges, issues, and potential alternative solutions when executing the role. The book identifies more than 50 challenges for auditors and discusses potential alternative actions the auditor can take when they experience a similar challenge. The book explains how to: Build a value-oriented function that abides by the standards and supports the objectives and goals of the organization. Execute the many aspects of the internal audit, including assurance and consulting work. Build a risk-based audit process. Develop and sustain the internal audit team. Develop and manage relationships with management and the audit committee. Manage internal audit's role in corporate governance, compliance, and fraud. Leading the Internal Audit Function includes real-life examples, scenarios, and lessons learned from internal auditors and CAEs to emphasize the importance of carefully managing all aspects of the internal audit. The author summarizes her many lessons learned into ten "commandments" for both CAEs and internal auditors. By following the guidelines in this book, you should be well-equipped to gain management support, perform effective and ethical audits, and uphold IIA Standards.

Most organizations have been caught off-guard with the proliferation of smart devices. The IT organization was comfortable supporting the Blackberry due to its ease of implementation and maintenance. But the use of Android and iOS smart devices have created a maintenance nightmare not only for the IT organization but for the IT auditors as well. This book will serve as a guide to IT and Audit professionals on how to manage, secure and audit smart device. It provides guidance on the handling of corporate devices and the Bring Your Own Devices (BYOD) smart devices.

This book focuses on the importance of software quality and security. It defines various types of testing, recognizes factors that propose value to software quality, and provides theoretical and real-world scenarios that offer value and contribute quality to projects and applications. The practical synopsis on common testing tools helps readers who are in testing jobs or those interested in pursuing careers as testers. It also helps test leaders, test managers, and others who are involved in planning, estimating, executing, and maintaining software.

Mastering the Five Tiers of Audit Competency is an anthology of powerful risk-based auditing practices. Filled with practical do and don¿t techniques, it encompasses the interpersonal aspects of risk-based auditing, not just the technical content. This book focuses on the behaviors you need to demonstrate and the habitual actions you need to take at each phase in an audit to manage relationships as well as the work itself. The book leverages The Whole Person Project, Inc.¿s 30 years¿ experience in hands-on organizational development consulting and custom designing internal audit training programs.

This book helps auditors understand the reality of performing the internal audit role and the importance of properly managing ethical standards. It provides many examples of ethical conflicts and proposes alternative actions for the internal auditor. Internal auditors are well-schooled on the IIA Standards, but the reality is that the pressure placed on internal auditors related to execution of work and upholding ethical standards can be very difficult. Regardless of best practice or theory, auditors must be personally prepared to manage through issues they run across.