Reader small image

You're reading from  CISA – Certified Information Systems Auditor Study Guide - Second Edition

Product typeBook
Published inJun 2023
PublisherPackt
ISBN-139781803248158
Edition2nd Edition
Right arrow
Author (1)
Hemang Doshi
Hemang Doshi
author image
Hemang Doshi

Hemang Doshi has more than 15 years of experience in the field of system audit, IT risk and compliance, internal audit, risk management, information security audit, third-party risk management, and operational risk management. He has authored several books for certification such as CISA, CRISC, CISM, DISA, and enterprise risk management.
Read more about Hemang Doshi

Right arrow

Information Asset Security Frameworks, Standards, and Guidelines

An information security framework is a set of documented policies, procedures, and processes that define how information is managed in an organization. There are two prime objectives of the framework:

  • Lower risk and vulnerability
  • Protect the enterprise by guarding the CIA of critical and sensitive information

Auditing the Information Security Management Framework

An IS auditor should consider the following aspects for auditing the information security management framework:

  • Review the adequacy and approvals for various policies, procedures, and standards.
  • Review security training and awareness programs and procedures. Determine the effectiveness of the program. It is advisable to interact with a few employees and evaluate their level of awareness.
  • Determine whether proper ownership has been assigned for critical processes, systems, and data. The IS auditor should determine whether...
lock icon
The rest of the page is locked
Previous PageNext Page
You have been reading a chapter from
CISA – Certified Information Systems Auditor Study Guide - Second Edition
Published in: Jun 2023Publisher: PacktISBN-13: 9781803248158

Author (1)

author image
Hemang Doshi

Hemang Doshi has more than 15 years of experience in the field of system audit, IT risk and compliance, internal audit, risk management, information security audit, third-party risk management, and operational risk management. He has authored several books for certification such as CISA, CRISC, CISM, DISA, and enterprise risk management.
Read more about Hemang Doshi