IT Security Risk Control Management

a book review

sub-titleAn Audit Preparation Plan
authorRay Pompon
date reviewed2016.12.12
genreComputer Technology

Ray Pompon's book is the guide I needed back in 2011 when I first took a service organization through an audit. It is a thorough discussion of the subject, covering the range of a service audit's scope in a spare and to-the-point style that serves both as a guide and reference. Rather than exploring any handful of subjects in exhaustive detail, the book concentrates on covering the subject area with enough understanding to communicate the important ideas ("why") and the necessary tasks ("what"), then adds pointers and links to the reams of underlying "how" material. It's a great way to organize the book, and a great way to organize an approach to the daunting challenge before any practitioner with a SOC-2/SOC-1 a year away.

Even after five years, I still need a reference with ideas, and this is that book.

One oddity was the font chosen by the publisher. It's small, dark, and cramped.

👍🏼 recommended

rand()m quote

It has always seemed strange to me...The things we admire in men, kindness and generosity, openness, honesty, understanding and feeling, are the concomitants of failure in our system. And those traits we detest, sharpness, greed, acquisitiveness, meanness, egotism and self-interest, are the traits of success. And while men admire the quality of the first they love the produce of the second.

—John Steinbeck, Cannery Row