IT Security Risk Control Management

a book review

title: IT Security Risk Control Management
sub-title: An Audit Preparation Plan
author: Ray Pompon
date reviewed: 2016.12.12
genre: Computer Technology

Ray Pompon's book is the one I needed back in 2011 when I first took a service organization through an audit. It is a thorough discussion of the subject, covering the full scope of a service audit in a spare, to-the-point style that serves both as a guide and as a reference. Rather than exploring a handful of subjects in exhaustive detail, the book concentrates on covering the whole subject area with enough understanding to communicate the important ideas ("why") and the necessary tasks ("what"), then adds pointers and links to the reams of underlying "how" material. It's a great way to organize the book, and a great way to organize an approach to the daunting challenge facing any practitioner with a SOC 2 or SOC 1 audit a year away.

Even after five years, I still need a reference with ideas, and this is that book.

One oddity was the font chosen by the publisher. It's small, dark, and cramped.

