Information Security Management and Auditing

  1. Information Security Auditing Fundamentals
    1. Audit Concepts and Principles
      1. Audit Definition and Purpose
        1. Audit Objectives and Scope
          1. Audit Standards and Guidelines
            1. Professional Ethics in Auditing
            2. Types of Security Audits
              1. Internal Audits
                1. First-Party Audits
                  1. Self-Assessment Programs
                    1. Internal Audit Functions
                    2. External Audits
                      1. Second-Party Audits
                        1. Third-Party Audits
                          1. Regulatory Audits
                          2. Compliance Audits
                            1. Regulatory Compliance
                              1. Contractual Compliance
                                1. Standard Compliance
                                2. Operational Audits
                                  1. Process Effectiveness
                                    1. Control Efficiency
                                      1. Performance Assessment
                                    2. Audit Planning and Preparation
                                      1. Audit Scope Definition
                                        1. Scope Boundaries
                                          1. Audit Criteria Selection
                                            1. Resource Requirements
                                            2. Risk-Based Audit Planning
                                              1. Risk Assessment for Auditing
                                                1. Audit Priority Setting
                                                  1. Sampling Strategy
                                                  2. Audit Team Assembly
                                                    1. Team Composition
                                                      1. Competency Requirements
                                                        1. Independence Considerations
                                                        2. Audit Program Development
                                                          1. Audit Procedures Design
                                                            1. Testing Approach
                                                              1. Documentation Requirements

                                                          Previous

                                                          5. Business Continuity and Incident Management

                                                          Go to top

                                                          Next

                                                          7. Audit Execution and Evidence Collection