IT Security Risk Control Management

An Audit Preparation Plan

  • Raymond Pompon

Table of contents

  1. Front Matter, pages i-xxxi
  2. Getting a Handle on Things
    1. Front Matter, page 1
    2. Raymond Pompon, pages 3-11
    3. Raymond Pompon, pages 13-21
    4. Raymond Pompon, pages 23-37
    5. Raymond Pompon, pages 39-50
    6. Raymond Pompon, pages 51-65
  3. Wrangling the Organization
    1. Front Matter, page 67
    2. Raymond Pompon, pages 69-80
    3. Raymond Pompon, pages 81-98
    4. Raymond Pompon, pages 99-112
    5. Raymond Pompon, pages 113-121
    6. Raymond Pompon, pages 123-130
  4. Managing Risk with Controls
    1. Front Matter, page 131
    2. Raymond Pompon, pages 133-143
    3. Raymond Pompon, pages 145-152
    4. Raymond Pompon, pages 153-163
    5. Raymond Pompon, pages 165-174
    6. Raymond Pompon, pages 175-185
    7. Raymond Pompon, pages 187-195
    8. Raymond Pompon, pages 197-217
    9. Raymond Pompon, pages 219-229
    10. Raymond Pompon, pages 231-238
    11. Raymond Pompon, pages 239-258
  5. Being Audited
    1. Front Matter, page 259
    2. Raymond Pompon, pages 261-274
    3. Raymond Pompon, pages 275-282
    4. Raymond Pompon, pages 283-292
    5. Raymond Pompon, pages 293-300
  6. Back Matter, pages 301-311

About this book
Information security is more than configuring firewalls, removing viruses, hacking machines, or setting passwords. Creating and promoting a successful security program requires skills in organizational consulting, diplomacy, change management, risk analysis, and out-of-the-box thinking.

IT Security Risk Control Management provides step-by-step guidance for IT professionals on how to craft a successful security program. Readers will identify with the paradoxes of information security and discover handy tools that hook security controls into business processes, including:

  • Building a security program that fits neatly into an organization and changes dynamically to suit the needs of the organization while surviving constantly changing threats.
  • Preparing for and passing such common audits as PCI-DSS, SSAE-16, and ISO 27001.
  • Calibrating the scope and customizing security controls to fit into an organization’s culture.
  • Implementing the most challenging processes, pointing out common pitfalls and distractions.
  • Framing security and risk issues to be clear and actionable so that decision makers, technical personnel, and users will listen to and value your advice.

With IT Security Risk Control Management, you will be able to construct an information security program, from inception to audit, with enduring, practical, hands-on advice, and actionable strategies for IT professionals.

Keywords: IT Security, Security Audit, Security Risk, Security Policy, Risk Management, Network Security Controls, Logical Access Controls, Vulnerability Management, Network Breach, Network Risk, Failure Mode Effects Analysis, Adversarial Risk, SSAE-16, PCI, ISO27001

Authors and affiliations

  • Raymond Pompon, Seattle, USA

Bibliographic information

Industry Sectors

  • Chemical Manufacturing
  • Finance, Business & Banking
  • IT & Software
  • Consumer Packaged Goods
  • Energy, Utilities & Environment
  • Oil, Gas & Geosciences