Information Security Governance
Robert E. Davis, MBA, CISA, CICA
Robert E. Davis is an independent management audit consultant (currently associated with Robert Half Management Resources) and a Software, Inc. author and instructor, as well as a Pleier Corporation author. His IT audit specializations include Control Objectives for Information and related Technology (COBIT), the Sarbanes-Oxley Act, and the Foreign Corrupt Practices Act. Regarding information security and
Robert is available to provide International Organization for Standardization 27000, Gramm-Leach-Bliley Act, and Basel II
His primary computer technology research interests include databases, operating systems, and distributed information systems. Recently, he has applied his expertise in assisting organizations in fulfilling U.S. Sarbanes-Oxley and Federal Information Security Management Act requirements, as well as in training professionals
Since starting his career as an IT auditor, Robert has provided data security consulting and IT auditing services (from staff through senior management positions) to the United States Enrichment Corporation, Raytheon Company, the United States Interstate Commerce Commission, Dow Jones & Company, Fidelity/First Fidelity (Wachovia) Corporations, and other organizations.
Some of his professional IT software and hardware experience includes MVS, UNIX, Windows, Oracle, Clarity, the International Money Management
PERL, COBOL, PASCAL, DEC, IBM, Tandem, Compaq, and DELL.
Prior to engaging in the practice of IT auditing and information security consulting, Robert provided inventory and general accounting services to Philip Morris USA and general accounting services to Philadelphia National Bank (Wachovia).
Robert graduated from Temple University and West Chester University of Pennsylvania with a Bachelor of Business Administration and a Master of Business Administration degree, respectively. While attending University, his major areas of study were Business Law and
He successfully completed the requirements for a Management Information Systems subject major at West Chester University.
Robert obtained the Certified Information Systems Auditor (CISA) certificate after passing the 1988 Information Systems Audit and Control Association's rigorous three-hundred-and-fifty-question multiple-choice examination, and was conferred the Certified Internal Controls Auditor (CICA) certificate by The Institute for Internal Controls. During his twenty-year professional involvement in education, Robert acquired postgraduate and professional technical licenses in computer science and computer systems technology.
Robert has authored the articles "Did IT Auditing Forget the Foreign Corrupt Practice Act" and "How Does Management Support Deploying IT Governance?" for IT AUDIT magazine and IT Governance,
Robert is a former ISACA-Philadelphia Chapter Board of Directors member and College Relations Chairman. He has provided instruction to an Internet CISA study group, the Data Processing Management Association, and the ISACA-Philadelphia Chapter CISA Review Course. Robert is a member of The Institute of Internal Auditors, ISACA, the American Association of University Professors, and The Institute for Internal Controls. He is also a college computer science and mathematics instructor, having previously taught at Cheyney University and Bryant & Stratton.
For those preparing for the CISA or Certified Information Security Manager (CISM) examination, Robert has authored knowledge diagnostic tests, which are available at http://www.boson.com/Product/64.html.
Based on his accomplishments, Robert has been featured in Temple University's Fox School of Business Alumni Newsletter and The Institute for Internal Controls e-Newsletter. Furthermore, he is a lifetime member of the Madison Who's Who Registry of Executives and has authored 6 other indispensable resources available from Pleier Corporation: "IT Auditing: An Adaptive Process", "IT Auditing: IT Governance", "IT Auditing: Information Assets Protection", "IT Auditing: Irregular and Illegal Acts", and "IT Auditing: IT Service Delivery and Support". These publications are also especially valuable references for preparing for the related sections of the ISACA Certified Information Systems Auditor examination. Additional references and information are available at Have CISA - Will Travel.
Robert is sharing his experience by providing tools to prepare auditors to perform IT audits of Information Security Governance in an extremely
Auditing: Information Security Governance
organizations, governmental organizations, colleges, and universities can benefit from his knowledge and expertise concerning IT auditing.
This self-paced PowerPoint presentation with accompanying material is organized to provide initial training of IT auditors and audit
The “Administrator’s Guide” provides tools for group and individual
This course provides a detailed examination of IT audit and review procedures for information security governance. Participants who complete this course will be adequately prepared to perform competent information security governance assessments, including the ability to:
1. Develop, implement, and/or incorporate an "Information Security Governance" risk-based audit and review procedures strategy and objectives, in compliance with ISACA’s standards, to ensure that the organization's information technology and business processes are adequately controlled, monitored, and assessed, and are aligned with the organization's business and IT objectives.
2. governance into IT audits and reviews to ensure that the IT audit/review strategy and objectives are achieved.
3. sufficient, reliable, relevant, and useful evidence to achieve the Information Security Governance audit/review procedures objectives.
4. governance information gathered to identify reportable conditions and
5. management’s information security governance risk assessment to provide reasonable assurance that control objectives have been achieved.
6. information security governance audit/review results to key
7. Facilitate the implementation of information security governance risk management and control practices within the organization.
Utilizing the enclosed PowerPoint slides, in conjunction with the “Participant’s Guide,” can ensure adequate understanding of IT audits and reviews related to Information Security Governance. Attentiveness to the material and completion of the twelve exercises in the Guide can enhance auditor professionalism in corresponding job
Auditors and Audit Departments that purchase this electronic publication on CD can duplicate the enclosed Administrator’s and Participant’s Guides royalty free for training of individual auditors and security professionals in that department and for in-house group training.
Organizations, including schools, that purchase this electronic publication on CD can duplicate the enclosed Administrator’s and Participant’s Guides and use that material to conduct
and classroom training by paying a royalty fee of $20, by check or online, for each copy of the workbook produced on paper or file, to:
Attn: IT Auditing: Information Security Governance
P.O. Box 3900
Mission Viejo CA 92690-1900
United States of America
When making payment, please include with the payment or in a separate email the
and date that the training was held.
Your feedback concerning this product should be sent to firstname.lastname@example.org.
IT Auditing: Information Security Governance contains 402 PowerPoint slides with slide notes, offering a practical method for audits and reviews addressing potential information security governance risks. Furthermore, the PowerPoint slides allow presentation and participation in either a group or individual self-paced training
This “IT Auditing: Information Security Governance” course can be
in a 3-day period as outlined in the PowerPoint slides, in any timeframe to meet an organization's needs, or in a self-paced mode for
To view each of the 3 PowerPoint presentations, click the blue link for that module, such as the one that follows. Click View Slide Show
necessary. Click the left mouse button each time you are ready to advance to the next item or to check an answer throughout the presentation. To continue a presentation at a specific slide while viewing the slideshow, right-click the mouse, select Go To Slide, and select a specific slide number.
“IT Auditing: Information Security Governance Presentation – module 1"
Module 1 sets the framework for learning about IT Auditing: Information Security Governance, as well as offering suggestions for using this CD in a self-study or group training mode, addressing specifically:
Introductions (if a group)
Appropriate IT Auditor Training
An 18-question Diagnostic Test with answers
IT Audit Training Agenda
Suggested Training Schedule
IT Audit Methodology
8 Types of IT Audits
Overview of Information Security Governance
Information Security Governance Program Management
Information Security Governance Organizational Practices
Information Security Strategic Alignment Requirements
COBIT and ISO 27000 Frameworks
“IT Auditing: Information Security Governance Presentation – module 2"
Module 2 continues the learning about IT Auditing: Information Security Governance, addressing specifically:
Security Value Delivery Significance
Business Risk Management Principles
Information Technology Risk Management Principles
Information Security Risk Management Principles
Control Selection Interaction Model
Information Security Resource Criticality
Information Security Performance Measurement
Information Security Performance Monitoring
IT Audit and Review Planning Issues
IT Audit and Review Management
Auditable Units Bidirectional Linkages
“IT Auditing: Information Security Governance Presentation – module 3"
Module 3 continues the learning about IT Auditing: Information Security Governance, addressing specifically:
Audit and Review Risk Assessment
Internal Control Assessment
Management Information Systems
IT Tools and Techniques
Key Auditable Units
Evaluating Outsourced Activities
“IT Auditing: Information Security Governance Administrator's Guide"
The 84-page "Administrator's Guide" provides the administrator / seminar leader with an excellent guide to offer quality training correlated to the "IT Auditing: Information Security Governance" PowerPoint presentation, and provides answers for course participant exercises. Beneficially, the "Administrator's Guide" documents researched answers, with additional reference sources available on the Internet. To access the Administrator's Guide, click the blue link above.
In a self-study mode the participant should use the "Participant's Guide" and then check the accuracy of an answer with the "Administrator's Guide".
“IT Auditing: Information Security Governance Participant's Guide"
The 40-page "Participant's Guide" encourages active learning about Information Security Governance associated with IT audits and reviews. This workbook allows application of presented material and demonstration of the IT audit methodology, using various formats. Additionally, practice variety is incorporated through group or individual exercise assignments. The "Participant's Guide" contains a glossary of terms that participants might want to reference throughout the PowerPoint presentation. To access the Participant's Guide, click the blue link above.
If you like the quality of this CD-ROM publication, check http://www.pleier.com
Click the link to preview the Order Form (PDF).
Thank you for purchasing a copy of "IT Auditing: Information Security Governance". Please tell others about these resources.