Formerly the Internal Audit and IT Audit series - now rebranded and wider in scope!
The scope and mandate for internal audit continues to evolve each year, as does the complexity of the business environment and speed of the changing risk landscape in which it must operate.
The fundamental goal of this exciting series is to produce leading-edge books on critical subjects facing security and audit executives and practitioners.
Key topics addressed include Leadership, Cybersecurity, Security Leadership, Privacy, Strategic Risk Management, Auditing IT, Audit Management and Leadership, and Operational Auditing.
If you're interested in submitting a proposal for a book to be included in the series, please email [email protected]
By Dan Shoemaker, Anne Kohnke, Ken Sigler
February 08, 2016
A Guide to the National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework (2.0) presents a comprehensive discussion of the tasks, knowledge, skill, and ability (KSA) requirements of the NICE Cybersecurity Workforce Framework 2.0. It discusses in detail the relationship...
By Abhik Chaudhuri
August 17, 2018
This book explains IoT technology, its potential applications, the security and privacy aspects, the key necessities like governance, risk management, regulatory compliance needs, the philosophical aspects of this technology that are necessary to support an ethical, safe and secure digitally ...
By Ken Sigler, Dan Shoemaker, Anne Kohnke
November 20, 2017
The book presents the concepts of ICT supply chain risk management from the perspective of NIST IR 800-161. It covers how to create a verifiable audit-based control structure to ensure comprehensive security for acquired products. It explains how to establish systematic control over the supply ...
By Lynn Fountain
December 08, 2016
This book helps auditors understand the reality of performing the internal audit role and the importance of properly managing ethical standards. It provides many examples of ethical conflicts and proposes alternative actions for the internal auditor. Internal auditors are well-schooled on the IIA ...
By Ann Butera
May 05, 2016
Risk-based operational audits and performance audits require a broad array of competencies. This book provides auditors and risk professionals with the understanding required to improve results during risk-based audits.Mastering the Five Tiers of Audit Competency: The Essence of Effective Auditing ...
By Richard E. Cascarino
March 16, 2017
There are many webinars and training courses on Data Analytics for Internal Auditors, but no handbook written from the practitioner’s viewpoint covering not only the need and the theory, but a practical hands-on approach to conducting Data Analytics. The spread of IT systems makes it necessary that...
By Anne Kohnke, Ken Sigler, Dan Shoemaker
March 09, 2017
The book provides the complete strategic understanding requisite to allow a person to create and use the RMF process recommendations for risk management. This will be the case both for applications of the RMF in corporate training situations, as well as for any individual who wants to obtain ...
By Eugene Fredriksen
April 27, 2017
The book takes readers though a series of security and risk discussions based on real-life experiences. While the experience story may not be technical, it will relate specifically to a value or skill critical to being a successful CISO. The core content is organized into ten major chapters, each ...
By Anne Kohnke, Dan Shoemaker, Ken Sigler
April 07, 2016
The Complete Guide to Cybersecurity Risks and Controls presents the fundamental concepts of information and communication technology (ICT) governance and control. In this book, you will learn how to create a working, practical control structure that will ensure the ongoing, day-to-day ...
By Ken Sigler, James L. Rainey, III
January 21, 2016
Past events have shed light on the vulnerability of mission-critical computer systems at highly sensitive levels. It has been demonstrated that common hackers can use tools and techniques downloaded from the Internet to attack government and commercial information systems. Although threats may come...