Information Security Auditor

Wendy Goucher

Published by

BCS, The Chartered Institute for IT

Reviewed by

Anthony Sutcliffe MSc CCI, MBCS

8 out of 10

This book is part of the BCS Guides to IT Roles series, and it sets out to provide a good understanding of what the role of an IT Information Security Auditor actually involves.

As the book identifies, there are many misunderstandings about the remit of this position; too often, the auditor is seen as a bogeyman, primarily concerned with tick boxes on lists. However, as the book clearly shows, the role is much more about helping the savvy IT team to identify those areas within the IT operations that need a little more focus, to help prevent the sudden shock of a data breach.

The book is very well written, and could be of some importance to those people who are simply looking to improve their own skills and the functionality of their IT department. It provides some useful guidance on the way to approach a security audit, and on how this might offer practical benefits to a business, with details of the methods that are proven to generate a suitable audit strategy.

However, it would also be of considerable value to those who are considering a move into this area, as it also offers some more specific advice on how to get started in the field. It suggests the appropriate background and interests, along with guidance on the necessary attitude and activities, and it demonstrates ways for the individual to stand out as a security professional. In addition, it briefly covers those topics that would allow the advisor to build a good working relationship with their clients.

Although quite a slim volume that might be thought to be limited in worth, it actually conveys a considerable amount of detail. The text is occasionally broken up by some useful notes and examples to highlight key points, and the occasional diagram that helps to provide a way to consolidate the ideas that the author puts forward.

However, on a personal note, I did have a very slight issue with the font used to print the typescript. Along with the way that the text is justified, I occasionally found it a little bit awkward to read, and it was necessary to stop, go back and re-read on many occasions. This was a pity, as apart from that minor inconvenience I found the book to be quite an enjoyable read, and I believe that it could be a useful little primer for a very important position within the IT security field.

Further information: BCS, The Chartered Institute for IT

November 2016