IT Auditing and Security Risk Management: A Practical Guide to Controls, Compliance, Cyber Risk, Audit Execution

IT Auditing and Security Risk Management is a practical, modern guide designed for anyone who needs to understand how technology controls, cybersecurity risk, and audit execution work in real organisations. Whether you are an aspiring IT auditor, a cybersecurity professional transitioning into governance and compliance, a manager responsible for risk decisions, or a student preparing for a career in IT assurance - this book provides a structured, step-by-step approach to mastering IT audit and security risk management. Inside this book, you will learn: - How the IT audit lifecycle works - from planning to reporting- How to assess risk using likelihood, impact, inherent and residual scoring- How to audit IT General Controls (ITGCs): access, change, operations, incident response, and DR- How to test application controls, audit trails, and data integrity- How to evaluate logging, monitoring, and SOC evidence- How to assess vulnerability management and patch governance- How to audit cloud environments (AWS/Azure/GCP) using shared responsibility principles- How to perform third-party risk management (TPRM) and vendor audits- How Zero Trust, remote work, and endpoint security reshape audit scope- How AI security and AI governance introduce new risk domains- How to write audit findings clearly, assign risk ratings, and drive remediation This book bridges the gap between technical cybersecurity controls and executive risk reporting, giving you the confidence to audit modern environments and communicate risk professionally. If you want a guide that is practical, structured, and aligned with today's cyber threats and compliance expectations, this book is for you.

Pages: 222, Paperback, Independently published