A Comprehensive Guide to Information Security Management and Audit

The text is written to provide readers with a comprehensive study of information security and management system, audit planning and preparation, audit techniques and collecting evidence, international information security (ISO) standard 27001, and asset management. It further discusses important topics such as security mechanisms, security standards, audit principles, audit competence and evaluation methods, and the principles of asset management. It will serve as an ideal reference text for senior undergraduate, graduate students, and researchers in fields including electrical engineering, electronics and communications engineering, computer engineering, and information technology.

The book explores information security concepts and applications from an organizational information perspective and explains the process of audit planning and preparation. It further demonstrates audit techniques and collecting evidence to write important documentation by following the ISO 27001 standards.

The book:

• Elaborates on the application of confidentiality, integrity, and availability (CIA) in the area of audit planning and preparation
• Covers topics such as managing business assets, agreements on how to deal with business assets, and media handling
• Demonstrates audit techniques and collects evidence to write the important documentation by following the ISO 27001 standards
• Explains how the organization’s assets are managed by asset management, and access control policies
• Presents seven case studies