Auditors are humans - use their skill to improve your information security
BCS publishes Information Security Auditor role book
Information assurance auditors need to hear what is being said, as well as what is not being said, according to Information Security Auditor, the latest role book to be published by BCS, The Chartered Institute for IT.
The book emphasises the importance of communication skills, both talking and listening, as important qualities for those working in the IS audit profession.
Author Wendy Goucher explains: “The role of an information security (or assurance) auditor is very important, and identifying security gaps in an organisation's information systems can be a vital step in protecting data and information. In order to do this successfully an auditor needs to hear what is being said - as well as what is not being said. They also need to be up to date with standards and changes in the workplace, as well as with the way people work. A good auditor will help organisations find ways to reduce or mitigate new risks to the business, by drawing on their own experience and that of others they meet or read about.”
Based on the author's extensive experience, the book gives practical guidance to those new to the role or interested in developing a better understanding of what it entails. It provides an excellent introduction to the role, covering areas such as purpose, required skills, responsibilities, interface and career progression as well as tools, standards and frameworks related to the role.
Wendy advises that, in order to get the most out of an information security audit, auditors and those working with them need to understand the value they bring to the business, and offers the following top tips:
- Understand why audit is important for that business at that time.
- Understand any background pressures or context which may affect the audit.
- Plan, do, check and act your audit.
- Ensure that the audit has the support of board level management.
- Understand the business and any operational pressures.
- Auditors are humans - use their skill to improve your information security.
Vernon Poole, CISM, CGEIT & CRISC - Head of Business Consultancy, Sapphire, describes Information Security Auditor as: “A refreshingly good book - easy to read with excellent guidance for both budding auditors and auditees. Wendy’s outline of a model Information Security Auditor outlines both the technical and personal skills required to succeed and it is her attention to the personal skill sets that is unique in this book.”
About the author:
Wendy Goucher is a specialist information security consultant. Most of her work is focused on working with organisations to devise policy and procedures that are both compliant with external rules and operationally effective. This can be an interesting balancing act for which her first degree in business-focused social science with a core of psychology is useful.
About the book:
Published: March 2016
Price: UK: £19.99 EU: €26.99 USD: $30.99
The book is available from the BCS Bookshop