Mastering the IT Audit
Couldn't load pickup availability
ISBN: 9789365893274
eISBN: 9789365891683
Authors: Jyothi Ramaswamy
Rights: Worldwide
Edition: 2026
Pages: 442
Dimension: 7.5*9.25 Inches
Book Type: Paperback
- Description
- Table of Contents
- About the Authors
The role of the IT team spans the full lifecycle of assets. It begins with the procurement and onboarding of IT resources, followed by configuration, governance, and identification of critical infrastructure. To ensure operational continuity, the IT team should establish robust backups, monitor system thresholds, and execute strategic capacity planning.
This book is about learning the IT landscape, perimeter setup, and the interfaces to business applications. The landscape covers all appliances in network, server, and storage management, their configuration, and maintenance. Capacity, incident, and change management are governance activities of the IT team. In addition to these, the auditor has to understand security policies, patching practices, and segregation of networks for proper access control.
Learning IT auditing helps one become an efficient IT engineer. Auditors bring a strong foundation in systems, controls, and risk management. With focused learning and the right mindset, they can transition into engineers who build secure, efficient, and compliant systems from the beginning. Learning IT auditing will help one to become a good IT service executive, administrator, and architect.
WHAT YOU WILL LEARN
● Defining the scope of the IT landscape in supporting the business.
● Implementing controls based on ITIL and ISO 20000.
● Governance mechanisms, assets, configuration, and change management.
● Administering devices, appliances, and storage systems.
● Ensuring continuity and recovery for critical business operations.
● Importance of logging and monitoring for ensuring availability.
● Security controls for IT infrastructure, network, and operations.
● Conducting audits, writing audit reports, and ensuring remediation.
WHO THIS BOOK IS FOR
This book is intended for the middle management team involved in IT service management, risk, quality, and audit management activities. Server, network, and endpoint device administrators, IT architects, risk managers, crisis managers, and system monitoring team leads will benefit by learning to implement required governance and compliance mechanisms in IT service management for their career growth.
1. IT Audit and Assurance Standards Statements
2. IT Audit Defined, Charter and Criteria
3. Planning, Scheduling, Reporting and Follow-ups for Audit
4. Types of Audits
5. IT Policies, Processes and SOPs
6. Risk Management and Impact Analysis
7. Procurement, Asset, Capacity, and Cloud Service Management
8. Access Management and Acceptable Usage Policy
9. Network, Server, Storage and Endpoint Management
10. Business Continuity and Disaster Recovery Planning
11. Organization Context and IT Services
12. Logging and Monitoring Services
13. KPIs and Status Reports
14. BCP Drills, Plans and Reports
15. Configuration and Change Management
16. IT Audit Frameworks ISO 20000 and ITIL
17. Organizations, People, Data and Technology Processes
18. Partners, Value Streams and Processes
19. Scope of Audit and Audit Plan
20. Review of Policy and Controls
21. Interviews, Site Visits and Technical Testing
22. Audit Findings and Actionable Audit Report
23. Evolving with the Audit Landscape
Jyothi Ramaswamy is a seasoned risk, security, audit, and compliance professional with over 25 years of experience in the information security domain. Her career spans a distinguished tenure at Tata Consultancy Services Ltd., where she specialized in defining, implementing, reviewing, and auditing controls across complex IT environments. Currently operating as a freelance consultant, auditor, and trainer, Jyothi brings expertise in auditing diverse facets of organizational process management, particularly in the realms of information security and data privacy. Her consulting work is rooted in global standards, with a strong focus on ISO 27001, ISO 20000, ISO 9001, ISO 27701, and CIS controls.
Jyothi is a passionate educator and a certified trainer, known for delivering impactful sessions on cybersecurity, service and quality management, and regulations. Her audit experience spans enterprise networks, firewall-segregated infrastructures, and air-gapped systems. She has played key roles in ISO audits, SSAE assessments, third-party risk evaluations, and internal audits across various business functions. A committed member of professional bodies such as ISACA, IEEE, and GCA, Jyothi actively contributes to local chapters and has led numerous awareness programs on data privacy, cyber risk, and audit methodologies. Her credentials include ISO 27001:2022 Lead Auditor, CRISC – Certified in Risk and Information Systems Control, CISM – Certified Information Security Manager, CRISP – Certified Risk Professional, BS 7799 Lead Implementer, and APMG accredited ISACA Chapter Trainer for CISM and CRISC certifications.
Known for her collaborative spirit, sharp analytical skills, and problem-solving capabilities, Jyothi continues to contribute to the future of audit and security through her thought leadership and hands-on expertise.