IT Security Risk Control Management

a book review

Title: IT Security Risk Control Management
Subtitle: An Audit Preparation Plan
Author: Ray Pompon
Date reviewed: 2016.12.12
Genre: Computer Technology

Ray Pompon's book is the guide I needed back in 2011 when I first took a service organization through an audit. It is a thorough discussion of the subject, covering the range of a service audit's scope in a spare and to-the-point style that serves both as a guide and reference. Rather than exploring any handful of subjects in exhaustive detail, the book concentrates on covering the subject area with enough understanding to communicate the important ideas ("why") and the necessary tasks ("what"), then adds pointers and links to the reams of underlying "how" material. It's a great way to organize the book, and a great way to organize an approach to the daunting challenge before any practitioner with a SOC-2/SOC-1 a year away.

Even after five years, I still need a reference with ideas, and this is that book.

One oddity was the font chosen by the publisher. It's small, dark, and cramped.

👍🏼 recommended
