ITG Resources – Fundamentals of Information Risk Management Auditing: An introduction for managers and auditors


IT Governance Ltd sources, creates and delivers products and services to meet the real-world, evolving IT governance needs of today’s organisations, directors, managers and practitioners.

The ITG website is the international one-stop-shop for corporate and IT governance information, advice, guidance, books, tools, training and consultancy. On the website you will find the following page related to the subject matter of this book:

Publishing Services

IT Governance Publishing (ITGP) is the world’s leading IT-GRC publishing imprint that is wholly owned by IT Governance Ltd.

With books and tools covering all IT governance, risk and compliance frameworks, we are the publisher of choice for authors and distributors alike, producing unique and practical publications of the highest quality, in the latest formats available, which readers will find invaluable. is the website dedicated to ITGP. Other titles published by ITGP that may be of interest include:

•   Information Security Risk Management for ISO27001/ISO27002

•   Governance of Enterprise IT based on COBIT® 5

•   The Security Consultant’s Handbook

We also offer a range of off-the-shelf toolkits that give comprehensive, customisable documents to help users create the specific documentation they need to properly implement a management system or standard. Written by experienced practitioners and based on the latest best practice, ITGP toolkits can save months of work for organisations working towards compliance with a given standard.

Please visit to see our full range of toolkits.

Books and tools published by IT Governance Publishing (ITGP) are available from all business booksellers and the following websites:

Training Services

The effective management of information risk depends on the implementation, maintenance and continual improvement of an information security management system (ISMS). The international standard ISO 27001 sets out the specifications for an ISMS, a risk-based approach to corporate information security that encompasses the whole organisation.

IT Governance’s ISO 27001 Learning Pathway provides ISO 27001 information security courses from Foundation to Advanced level, with internationally recognised qualifications awarded by IBITGQ.

Our classroom and online training programmes will help you develop the skills required to deliver best practice and compliance to your organisation. They will also enhance your career by providing you with industry-standard certifications and increased peer recognition. Our range of courses offers a structured learning path from Foundation to Advanced level in the key topics of information security, IT governance, business continuity and service management.

Full details of all IT Governance training courses can be found at

Professional Services and Consultancy

Managing information risks depends on determining the adequacy of your information security systems. Whether you’re certified to an international standard such as ISO 27001 or follow your own processes, a good, risk-based information security posture depends on regular penetration testing to determine the vulnerabilities you present to the Internet so that you can mitigate them.

IT Governance’s consultant-driven penetration tests combine a range of advanced manual tests by our expert, CREST-accredited penetration testers with a number of automated vulnerability scans, using multiple tools and techniques, to enable you to protect your web applications from malicious attack.

As a CREST member company, IT Governance has been verified as meeting rigorous standards of security testing. Our clients can rest assured that our technical work will be carried out by qualified and knowledgeable professionals.

For more information about penetration testing and other IT Governance technical services, please see:


You can stay up to date with the latest developments across the whole spectrum of IT governance subject matter, including risk management, information security, ITIL and IT service management, project governance, compliance and so much more, by subscribing to our newsletter.

Simply visit our subscription centre and select your preferences: