Assuring Information Security
by Robert E. Davis
Information and associated technologies continue to advance toward diverse distributed configuration environments for entering, processing, storing, and retrieving data. The magnitude of changes occurring can be clearly seen in the explosion of linked IT infrastructures connected to cloud computing service providers and mobile computing devices. Consequently, the impact of such decentralization has increased the need for effective safeguarding of information assets. Foundationally paraphrasing from Title 44, Chapter 35, Subchapter III, Section 3542(b)(1) of the United States Code; the term “information security” is defined as the protecting of information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction. Correspondingly, as suggested in Chapter 1 of IT Auditing: Assuring Information Assets Protection, information security is typically a complex and dynamic safeguarding subject. Given the descriptive attributes normally associated with information security, IT auditors usually have a vast array of sub-topics to contemplate when performing information assets protection (IAP) related audits, reviews, or agreed-upon procedures. “Assuring Information Security” was written with the intent to create quality quick reference material for assurance service practitioners to enable addressing protection mandates. Therefore, this pocket guide is appropriate for entity employees interested in ensuring, or verifying, the design and deployment of effective information security controls. As for content; Audit Managers, Chief Security Officers, Chief Compliance Officers, Chief Information Officers, Chief Information Security Officers, Auditors, Information Technology professionals, and Control Self-Assessment personnel will find this pocket guide an informative, and authoritative, information security document.