GTAG 15: Information Security Governance

Information is a significant component of most organizations’ competitive strategy, either through the direct collection, management, and interpretation of business information or through the retention of information for day-to-day business processing. Some of the more obvious results of information security (IS) failures include reputational damage, competitive disadvantage, and contractual noncompliance. These impacts should not be underestimated.

This Global Technology Audit Guide (GTAG) will provide a thought process to assist the chief audit executive (CAE) in incorporating an audit of information security governance (ISG) into the audit plan, focusing on whether the organization’s ISG activity delivers the correct behaviors, practices, and execution of IS.

GTAG 15: Information Security Governance will assist efforts to:

  1. Define ISG.
  2. Help internal auditors understand the right questions to ask and know what documentation is required.
  3. Describe the internal audit activity’s (IAA) role in ISG.

TABLE OF CONTENTS

1. Executive Summary

2. Introduction
2.1. What is Information Security Governance?
2.2. What is Effective Information Security Governance?
2.3. What is Efficient Information Security Governance?
2.4. Why Should the CAE Be Concerned About Information Security Governance?

3. The Internal Audit Activity’s Role in Information Security Governance
3.1. The Internal Audit Activity’s Responsibilities Related to Information Security Governance
3.2. Auditor Background and Experience Level
3.3. Audits of Information Security Governance

4. Auditing Information Security Governance
4.1. Auditing Information Security Governance – Planning
4.2. Auditing Information Security Governance – Testing
4.3. Auditing Information Security Governance – Analyzing

5. Conclusion/Summary

6. Appendix – Sample Audit Questions/Topics

7. References

8. Authors and Reviewers

Authors

Paul Love, CISSP, CISA, CISM
James Reinhard, CIA, CISA
A.J. Schwab, CISA
George Spafford, CISA

Questions about this GTAG? Email guidance@theiia.org

© 2012 The Institute of Internal Auditors / 247 Maitland Avenue Altamonte Springs, FL. 32701-4201 USA / +1-407-937-1100 / FAX +1-407-937-1101 • www.theiia.org