The Role Of Auditing From An Information Security

2123 Words9 Pages
Conceptualization of the role of auditing in Information Security Governance Frameworks.
Abstract
Auditing aims to provide a well-informed assurance over information security efforts. The present work tries to understand the role of auditing from an Information Security perspective by reviewing three Information Security Governance Frameworks. An initial view of auditing from various literature is first constructed to understand the expected purpose of Auditing. This initial understanding then guides the assessment of frameworks. The frameworks are also evaluated based on the aspects of governance they address, the organizational structures they suggest and how well the audit process is integrated within the whole ISG framework. Finally, conclusions are drawn about the relative merits and demerits of the frameworks and how well they address the requirements of auditing.
Keywords
Information Security Governance, Auditing, Performance Measurement
Introduction
Information Security deals with the Confidentiality, Integrity and Availability of organizational data to facilitate business decisions. Information Security breaches inflict significant monetary and reputational damage to organizations. Thus, ensuring business information security becomes a matter of great importance at the board level. Therefore organizations must view Information security from a governance perspective.
Information security research was initially focused on technical aspects of security such as secure
Open Document