Auditors are humans - use their skill to improve your information security

30 Mar 2016 12:45 PM

BCS publishes Information Security Auditor role book

Information assurance auditors need to hear what is being said - as well as what is not being said - according to the Information Security Auditor - the latest role book to be published by BCS, The Chartered Institute for IT.

The book emphasises the importance of communication skills, both talking and listening; as important qualities for those working in the IS audit profession.

Author, Wendy Goucher explains: “The role of an information security (or assurance) auditor is very important, and identifying security gaps in an organisation's information systems can be a vital step in protecting data and information. In order to do this successfully an auditor needs to hear what is being said - as well as what is not being said. They also need to be up to date with standards and changes in the workplace, as well as with the way people work. A good auditor will help organisations find ways to reduce or mitigate new risks to the business, by drawing on their own experience and that of others they meet or read about.”

Based on the author's extensive experience, the book gives practical guidance to those new to the role or interested in developing a better understanding of what it entails. It provides an excellent introduction to the role, covering areas such as purpose, required skills, responsibilities, interface and career progression as well as tools, standards and frameworks related to the role.  

Wendy advises that in order to get the most out of an information security audit, auditors and those working with them, need to understand the value they bring to the business, and offers the following top tips:

• Understand why audit is important for that business at that time.
• Understand any background pressures or context which may affect the audit.
• Plan, do, check and act your audit.
• Ensure that the audit has the support of board level management.
• Understand the business and any operational pressures.
• Auditors are humans, use their skill to improve your information security.

Vernon Poole, CISM, CGEIT & CRISC - Head of Business Consultancy, Sapphire describes Information Security Auditor as: “A refreshingly good book - easy to read with excellent guidance for both budding auditors and auditees. Wendy’s outline of a model Information Security Auditor outlines both the technical and personal skills required to succeed and it is her attention to the personal skill sets that is unique in this book.”

About the author:

Wendy Goucher is a specialist information security consultant. Most of her work is focused on working with organisations to devise policy and procedures that are both compliant with external rules and operationally effective. This can be an interesting balancing act for which her first degree in business-focused social science with a core of psychology is useful.

About the book:
ISBN: 9781780172163
Format: Paperback
Published: March 2016
Price: UK: £19.99 EU: €26.99 USD: $30.99

The book is available from the BCS Bookshop

Contact the Press Office