Improve employee safety, reduce workplace incidents and create better, safer working conditions

According to a report from the ILO (International Labour Organization), there are more than 2.78 million deaths and 374 million non-fatal injuries and illnesses per year as a result of occupational accidents or work-related diseases. The ILO estimates that the annual cost to the global economy is $3 trillion (about trillion), and in the UK alone it's estimated that 30.7 million working days were lost in 2017/2018 as a result of work-related illness and injury. Can your organisation afford to contribute to these statistics?

How can ISO 45001 help?

ISO 45001:2018, Occupational health and safety management systems - Requirements with guidance for use, is the international standard for creating and maintaining an OHSMS (occupational health and safety management system). The Standard provides guidance and an effective set of processes for improving worker safety and is designed to help organisations of all sizes and anywhere in the world reduce workplace injuries and illnesses.

Creating and maintaining an OHSMS demonstrates employer due diligence and reasonable care, reduces workplace incidents, improves employee health, reduces absenteeism, increases productivity and creates a safer working environment for employees.

Establishing an OHSMS based on ISO 45001

This book provides a comprehensive explanation of the detailed requirements of ISO 45001. The author draws out key parts of the Standard, which can often be confusing for non-experts or newcomers to ISO standards, and explains what they mean and how to comply.

Professionals involved in any aspect of an OHSMS, including development, documentation, implementation, training, supervision or auditing, will find the book useful. Equally, those with no background in the subject will find it a valuable resource.

The book:
* Follows a hands-on and step-by-step approach to building an OHSMS;
* Explains the purpose and the requirements of each clause of ISO 45001;
* Describes how the requirements can be fulfilled by an organisation;
* Provides definitions of the roles and responsibilities of leadership; and
* Includes numerous examples, suggestions, sample forms and procedures.

Suitable for HSQE professionals, project managers, lead implementers and senior management, this book demystifies the ISO 45001 Standard by presenting its contents and implementation methodology in a simple, user-friendly and easily understandable manner. Consultants, trainers and auditors will also find it a useful reference guide.

Successfully establish an OHSMS and proactively reduce injury and ill-health in your organisation - buy this book today.

About the author

Naeem Sadiq holds a BSc in Aerospace and a Master's in Manufacturing Engineering. He is a certified lead auditor, an ASQ-certified manager and a quality systems auditor. Naeem's experience in engineering and management includes 25 years as an independent consultant, auditor and trainer for the ISO 9001, ISO 14001 and OHSAS 18001 standards.

Naeem has presented a number of papers at national conferences on management system standards, and has provided consultancy, training and auditing support to more than 100 organisations. As a freelance writer, he is a regular contributor to national newspapers reporting on safety, environmental and social issues. He is also the author of two books: OHSAS 18001 Step by Step - A practical guide and ISO 14001 Step by Step - A practical guide.
Achieving certification to multiple ISO standards can be time consuming and costly, but an IMS incorporates all of an organisation's processes and systems so that they are working under - and towards - one set of policies and objectives.
This pocket guide serves as an introduction to the National Institute of Standards and Technology (NIST) and to its Cybersecurity Framework (CSF).

Now more than ever, organizations need to have a strong and flexible cybersecurity strategy in place in order to both protect themselves and be able to continue business in the event of a successful attack. The NIST CSF is a framework for organizations to manage and mitigate cybersecurity risk based on existing standards, guidelines, and practices.

With this pocket guide you can:
* Adapt the CSF for organizations of any size to implement
* Establish an entirely new cybersecurity program, improve an existing one, or simply provide an opportunity to review your cybersecurity practices
* Break down the CSF and understand how other frameworks, such as ISO 27001 and ISO 22301, can integrate into your cybersecurity framework

By implementing the CSF in accordance with their needs, organizations can manage cybersecurity risks in the most cost-effective way possible, maximizing the return on investment in the organization's security. This pocket guide also aims to help you take a structured, sensible, risk-based approach to cybersecurity.
A wealth of material has been written to describe the underlying mechanics of ITSM, but very little practical advice is available on how to implement ITSM best practices to achieve an organization's business objectives.

The official ITIL volumes explain what service management is, how the processes work and fit together, and why IT functions should adopt the practice, but they are notoriously vague on how to design and implement an ITSM model in a real organization. This challenge is best understood by those with experience of transforming ineffective and expensive IT, yet most ITSM guides are authored from a purely academic standpoint.

Real-world IT Service Management

This book provides guidance on implementing ITSM Best Practices in an organization based on the authors' real-world experiences. Advice is delivered through a Ten-Step approach, with each step building upon the successes of its predecessors.

Subjects covered include:
* Documenting objectives, identifying current and future demands, analyzing service financials.
* High-level design, negotiating development priorities, creating an execution plan and roadmap, agreeing roles and responsibilities.
* Detailed design, building, testing, deploying.
* Monitoring and continual improvement.

Each step includes summary lists of key questions to ask and specific actions to take, and a useful business case template is included as an appendix.

A practical guide to ITSM

As organizations seek to boost revenue, cut costs and increase efficiency, they increasingly look to IT as a strategic partner in achieving these objectives.

Ten Steps to ITSM Success helps IT to prepare for this role by providing a detailed and practical guide to implementing ITSM best practices. It is aimed at ITSM practitioners and consultants, but will also be of interest to IT Directors and C-suite executives looking to transform the role of IT into a value-creating business partner, to establish a service management culture, and to drive improvements in their respective organizations.
Considering the pandemic threat in a business continuity context

I thoroughly enjoyed reading Clark's book which is written in a style that makes it easy for anyone to understand without requiring a background in medicine or business. I have been involved in disaster management planning for the past ten years and yet I still found this book both enlightening and extremely informative.
Dr Tanya Melillo MD, MSc(Dist), PhD

This informative book is written in an easy going and conversational manner, but the message it brings to the table is critical to understanding the meaning of any forthcoming pandemic threat and considerations of how to mitigate the effects, where possible, to you and your organisation.
Owen Gregory MSc BA (Hons) MBCI MBCS

The increase in commercial aviation and international travel means that pandemics now spread faster than ever before. Seasonal flu pandemics, zoonotic contagions such as Ebola, swine flu and avian flu (e.g. H5N1 and H7N9), and respiratory syndromes such as SARS and MERS have affected millions worldwide. Add the ever-present threat of terrorism and biological warfare, and the possibility of large proportions of your workforce being incapacitated is a lot stronger than you might think.

You may well have prepared for limited business interruptions, but how would your business fare if 50% or more of your employees, including those you rely on to execute your business continuity plan, were afflicted by illness - or worse?

Although nothing can be done to prevent pandemics, their impact can be significantly mitigated. Business Continuity and the Pandemic Threat explains how.

Product overview

The book is divided into two parts, which examine the pandemic threat and explain how businesses can address it:

Part I: Understanding the Threat

The first, shorter, part provides the reader with a detailed overview of the challenge that pandemic threats can present. It uses historical examples (such as the 1918-19 Spanish Flu outbreak, which killed 50 million) to illustrate how pandemics can have devastating effects not only on the global population but also on critical infrastructure, the global economy and society.

Part II: Preparing for the Inevitable

The second part of the book considers the actions that can be taken at a global, national, corporate and individual level to mitigate the risk and limit the damage of pandemic incidents. It provides guidance on creating and validating a pandemic plan, and explains how it integrates with a business continuity plan. Comprehensive case studies are provided throughout.

Topics covered include:
* The World Health Organisation (WHO)'s pandemic phases and the Centre for Disease Control (CDC)'s Pandemic Severity Index
* Preventive control measures
* Crisis management and the composition of a crisis management team
* Dealing with cash-flow, staff absenteeism, home working and supply chain management
* Communications and media plans
* Pandemic issues for HR
* The threat to critical national infrastructure
* Health service contingency plans and first responders' business continuity plans
* The provision of vaccines and antiviral medicines, including relevant ethical issues

Take your business continuity plan to the next level: ensure your organisation survives a pandemic with a substantially depleted workforce. Buy Business Continuity and the Pandemic Threat today.

About the author

A Fellow of the Institute of Business Continuity Management and Member of the Business Continuity Institute, Robert A. Clark is also a Fellow of the British Computer Society and a Member of the Security Institute. His career includes 15 years with IBM and 11 years with Fujitsu Services working with clients on BCM related assignments. He is now a freelance business continuity consultant at www.bcm-consultancy.com.
Co-written by a PCI QSA (Qualified Security Assessor) and updated to cover PCI DSS version 3.2, this handy pocket guide provides all the information you need to consider as you approach the PCI DSS. It is also an ideal training resource for anyone in your organisation involved with payment card processing.
Insider Threat - A Guide to Understanding, Detecting, and Defending Against the Enemy from Within looks beyond perimeter protection tools, and shows how a security culture based on international best practice can help mitigate the insider threat to your security.
Ensure the success of your security programme by understanding users' motivations

"This book cuts to the heart of many of the challenges in risk management, providing advice and tips from interviews as well as models that can be employed easily. Leron manages to do this without being patronising or prescriptive, making it an easy read with some very real practical takeaways."
Thom Langford, Chief Information Security Officer at Publicis Groupe

"Based on real world examples the book provides valuable insights into the relationship of information security, compliance, business economics and decision theory. Drawing on interdisciplinary studies, commentary from the field and his own research Leron gives the reader the necessary background and practical tools to drive improvements in their own information security program."
Daniel Schatz, Director for Threat & Vulnerability Management at Thomson Reuters

In today's corporations, information security professionals have a lot on their plate. In the face of constantly evolving cyber threats they must comply with numerous laws and regulations, protect their company's assets and mitigate risks to the furthest extent possible.

Security professionals can often be ignorant of the impact that implementing security policies in a vacuum can have on the end users' core business activities. These end users are, in turn, often unaware of the risk they are exposing the organisation to. They may even feel justified in finding workarounds because they believe that the organisation values productivity over security. The end result is a conflict between the security team and the rest of the business, and increased, rather than reduced, risk.

This can be addressed by factoring in an individual's perspective, knowledge and awareness, and a modern, flexible and adaptable information security approach. The aim of the security practice should be to correct employee misconceptions by understanding their motivations and working with the users rather than against them - after all, people are a company's best assets.

Product description

Based on insights gained from academic research as well as interviews with UK-based security professionals from various sectors, The Psychology of Information Security - Resolving conflicts between security compliance and human behaviour explains the importance of careful risk management and how to align a security programme with wider business objectives, providing methods and techniques to engage stakeholders and encourage buy-in.

The Psychology of Information Security redresses the balance by considering information security from both viewpoints in order to gain insight into security issues relating to human behaviour, helping security professionals understand how a security culture that puts risk into context promotes compliance.

Contents

Chapter 1: Introduction to information security
Chapter 2: Risk management
Chapter 3: The complexity of risk management
Chapter 4: Stakeholders and communication
Chapter 5: Information security governance
Chapter 6: Problems with policies
Chapter 7: How security managers make decisions
Chapter 8: How users make decisions
Chapter 9: Security and usability
Chapter 10: Security culture
Chapter 11: The psychology of compliance
Chapter 12: Conclusion - Changing the approach to security
Appendix: Analogies

About the author

Leron Zinatullin (zinatullin.com) is an experienced risk consultant specialising in cyber security strategy, management and delivery. He has led large-scale, global, high-value security transformation projects with a view to improve cost performance and support business strategy.

He has extensive knowledge and practical experience in solving information security, privacy and architectural issues across multiple industry sectors.

He has an MSc in information security from University College London, where he focused on the human aspects of information security. His research was related to modelling conflicts between security compliance and human behaviour.
Aligned with the latest iteration of the Standard - ISO 27001:2013 - this new edition of the original no-nonsense guide to successful ISO 27001 certification is ideal for anyone tackling ISO 27001 for the first time, and covers each element of the ISO 27001 project in simple, non-technical language.
Many companies fail to carry out any business continuity exercising. This book explains why validating your BCP is essential to your business's survival, and describes the component parts of a validation programme, with case studies and expert guidance.
ISO 9001:2015 - A Pocket Guide provides a useful introduction to ISO 9001 and the principles of quality management.
A concise introduction to the EU GDPR

The EU General Data Protection Regulation (GDPR) will unify data protection and simplify the use of personal data across the EU from 25 May 2018, when it will automatically supersede member states' domestic data protection laws.

It will also apply to every organisation in the world that processes personal information of EU residents.

The Regulation introduces a number of key changes for all organisations that process EU residents' personal data.

EU GDPR: A Pocket Guide provides an essential introduction to this new data protection law, explaining the Regulation and setting out the compliance obligations for EU organisations.

Product overview

EU GDPR - A Pocket Guide sets out:
* A brief history of data protection and national data protection laws in the EU (such as the German BDSG, French LIL and UK DPA).
* The terms and definitions used in the GDPR, including explanations.
* The key requirements of the GDPR, including:
  - Which fines apply to which Articles;
  - The six principles that should be applied to any collection and processing of personal data;
  - The Regulation's applicability;
  - Data subjects' rights;
  - Data protection impact assessments (DPIAs);
  - The role of the data protection officer (DPO) and whether you need one;
  - Data breaches, and the notification of supervisory authorities and data subjects;
  - Obligations for international data transfers.
* How to comply with the Regulation, including:
  - Understanding your data, and where and how it is used (e.g. Cloud suppliers, physical records);
  - The documentation you need to maintain (such as statements of the information you collect and process, records of data subject consent, processes for protecting personal data);
  - The "appropriate technical and organisational measures" you need to take to ensure your compliance with the Regulation.
* A full index of the Regulation, enabling you to find relevant Articles quickly and easily.

About the author

Alan Calder, the founder and executive chairman of IT Governance Ltd, is an internationally acknowledged cyber security expert, and a leading author on information security and IT governance issues. He co-wrote the definitive compliance guide IT Governance: An International Guide to Data Security and ISO27001/ISO27002, which is the basis for the Open University's postgraduate course on information security, and has been involved in the development of a wide range of information security management training courses that have been accredited by the International Board for IT Governance Qualifications (IBITGQ). Alan has consulted on data security for numerous clients in the UK and abroad, and is a regular media commentator and speaker.

Quickly understand your new obligations under the EU GDPR, and learn what steps you need to take to avoid costly fines.
A compendium of essential information for the modern security entrepreneur and practitioner

The modern security practitioner has shifted from a predominantly protective site and assets manager to a leading contributor to overall organizational resilience. Accordingly, The Security Consultant's Handbook sets out a holistic overview of the essential core knowledge, emerging opportunities, and approaches to corporate thinking that are increasingly demanded by employers and buyers in the security market.

This book provides essential direction for those who want to succeed in security, either individually or as part of a team. It also aims to stimulate some fresh ideas and provide new market routes for security professionals who may feel that they are underappreciated and overexerted in traditional business domains.

Product overview

Distilling the author's fifteen years' experience as a security practitioner, and incorporating the results of some fifty interviews with leading security practitioners and a review of a wide range of supporting business literature, The Security Consultant's Handbook provides a wealth of knowledge for the modern security practitioner, covering:
* Entrepreneurial practice (including business intelligence, intellectual property rights, emerging markets, business funding, and business networking)
* Management practice (including the security function's move from basement to boardroom, fitting security into the wider context of organizational resilience, security management leadership, adding value, and professional proficiency)
* Legislation and regulation (including relevant UK and international laws such as the Human Rights Act 1998, the Data Protection Act 1998 and the Geneva Conventions)
* Private investigations (including surveillance techniques, tracing missing people, witness statements and evidence, and surveillance and the law)
* Information and cybersecurity (including why information needs protection, intelligence and espionage, cybersecurity threats, and mitigation approaches such as the ISO 27001 standard for information security management)
* Protective security (including risk assessment methods, person-focused threat assessments, protective security roles, piracy, and firearms)
* Safer business travel (including government assistance, safety tips, responding to crime, kidnapping, protective approaches to travel security and corporate liability)
* Personal and organizational resilience (including workplace initiatives, crisis management, and international standards such as ISO 22320, ISO 22301 and PAS 200)

Featuring case studies, checklists, and helpful chapter summaries, The Security Consultant's Handbook aims to be a practical and enabling guide for security officers and contractors. Its purpose is to plug information gaps or provoke new ideas, and provide a real-world support tool for those who want to offer their clients safe, proportionate, and value-driven security services.

About the author

Richard Bingley is a senior lecturer in security and organizational resilience at Buckinghamshire New University, and co-founder of CSARN, the popular business security advisory network. He has more than fifteen years' experience in a range of high-profile security and communications roles, including as a close protection operative at London's 2012 Olympics and in Russia for the 2014 Winter Olympic Games. He is a licensed close protection operative in the UK, and holds a postgraduate certificate in teaching and learning in higher education. Richard is the author of two previous books: Arms Trade: Just the Facts (2003) and Terrorism: Just the Facts (2004).
OSINT is a rapidly evolving approach to intelligence collection, and its wide application makes it a useful methodology for numerous practices, including within the criminal investigation community. The Tao of Open Source Intelligence is your guide to the cutting edge of this information collection capability.
Passwords are not enough

A password is a single authentication factor - anyone who has it can use it. No matter how strong it is, if it's lost or stolen it's entirely useless at keeping private information private. To secure your data properly, you also need to use a separate, secondary authentication factor.

Data breaches are now commonplace

In recent years, large-scale data breaches have increased dramatically in both severity and number, and the loss of personal information - including password data - has become commonplace. Add to this the fact that rapidly evolving password-cracking technology and the habitual use - and reuse - of weak passwords has rendered the security of username and password combinations negligible, and you have a very strong argument for more robust identity authentication methods.

Consumers are beginning to realise just how exposed their personal and financial information is, and are demanding better security from the organisations that collect, process and store it, which in turn has led to a rise in the uptake of two-factor authentication (TFA or 2FA).

In the field of authentication security, the method of proving identity can be broken down into three factor classes - roughly summarised as 'what you have', 'what you are', and 'what you know'. Two-factor authentication relies on the combination of two of these factors.

Product overview

TFA is nothing new. It's mandated by requirement 8.3 of the Payment Card Industry Data Security Standard (PCI DSS) and banks have been using it for years, combining payment cards ('what you have') and PINs ('what you know'). If you use online banking you'll probably also have a chip authentication programme (CAP) keypad, which generates a one-time password (OTP).

What is new is TFA's rising uptake beyond the financial sector.

Two-Factor Authentication provides a comprehensive evaluation of popular secondary authentication methods, such as:
* Hardware-based OTP generation
* SMS-based OTP delivery
* Phone call-based mechanisms
* Geolocation-aware authentication
* Push notification-based authentication
* Biometric authentication factors
* Smart card verification

as well as examining MFA (multi-factor authentication), 2SV (two-step verification) and strong authentication (authentication that goes beyond passwords, using security questions or layered security).

The book also discusses the wider application of TFA for the average consumer, for example at such organisations as Google, Amazon and Facebook, as well as considering the future of multi-factor authentication, including its application to the Internet of Things (IoT).

Increasing your password strength will do absolutely nothing to protect you from online hacking, phishing attacks or corporate data breaches. If you're concerned about the security of your personal and financial data, you need to read this book.
Applying the Data Protection Act to the Cloud

The UK's Data Protection Act 1998 (DPA) applies to the whole lifecycle of information, from its original collection to its final destruction. Failure to comply with the DPA's eight principles could lead to claims for compensation from affected individuals and financial penalties of up to 000 from the Information Commissioner's Office, not to mention negative publicity and reputational damage.

An expert introduction

More than 85% of businesses now take advantage of Cloud computing, but Cloud computing does not sit easily with the DPA. Data Protection and the Cloud addresses that issue, providing an expert introduction to the legal and practical data protection risks involved in using Cloud services. Data Protection and the Cloud highlights the risks an organisation's use of the Cloud might generate, and offers the kind of remedial measures that might be taken to mitigate those risks.

Topics covered include:
* Protecting the confidentiality, integrity and accessibility of personal data
* Data protection responsibilities
* The data controller/data processor relationship
* How to choose Cloud providers
* Cloud security - including two-factor authentication, data classification and segmentation
* The increased vulnerability of data in transit
* The problem of BYOD (bring your own device)
* Data transfer abroad, US Safe Harbor and EU legislation
* Relevant legislation, frameworks and guidance, including:
  - the EU General Data Protection Regulation
  - Cloud computing standards
  - the international information security standard, ISO 27001
  - the UK Government's Cyber Essentials scheme and security framework
  - CESG's Cloud security management principles
  - guidance from the Information Commissioner's Office and the Open Web Application Security Project (OWASP)

Mitigate the security risks

Mitigating security risks requires a range of combined measures to be used to provide end-to-end security. Moving to the Cloud does not solve security problems, it just adds another element that must be addressed. Data Protection and the Cloud provides information on how to do so while meeting the DPA's eight principles.
This book is intended for application developers, system administrators and operators, as well as networking professionals who need a comprehensive top-level view of web application security in order to better defend and protect both the "web" and the "application" against potential attacks.
Provides an insight into the changing role and responsibilities of the ISM, walking you through a typical ISM's year and using the role of project manager on a programme of change to highlight the various incidents and issues that arise on an almost daily basis - and often go unnoticed.
Reviewing IT in Due Diligence provides an introduction to IRM in due diligence, and outlines some of the key IT issues to consider as part of the due diligence process. For those new to the process, it explains how to conduct an IT due diligence review, from scoping to reporting, and includes information on post-merger integration.
Protect your organisation by building a security-minded culture

"With this book, Kai Roer has taken his many years of cyber experience and provided those with a vested interest in cyber security a firm basis on which to build an effective cyber security training programme."
Dr. Jane LeClair, Chief Operating Officer, National Cybersecurity Institute, Washington, D.C.

Human nature - easy prey for hackers?

Human behaviour is complex and inconsistent, making it a rich hunting ground for would-be hackers and a significant risk to the security of your organisation. An effective way to address this risk is to create a culture of security. Using the psychology of group behaviour and explaining how and why people follow social and cultural norms, the author highlights the underlying cause for many successful and easily preventable attacks.

An effective framework for behavioural security

In this book Kai Roer presents his Security Culture Framework, and addresses the human and cultural factors in organisational security. The author uses clear, everyday examples and analogies to reveal social and cultural triggers that drive human behaviour. He explains how to manage these threats by implementing an effective framework for an organisational culture, ensuring that your organisation is set up to repel malicious intrusions and threats based on common human vulnerabilities.

Contents

* What is security culture?
* The Elements of security culture
* How does security culture relate to security awareness?
* Asking for help raises your chances of success
* The psychology of groups and how to use it to your benefit
* Measuring culture
* Building security culture

About the author

Kai Roer is a management and security consultant and trainer with extensive international experience from more than 30 countries around the world. He is a guest lecturer at several universities, and the founder of The Roer Group, a European management consulting group focusing on security culture.

Kai has authored a number of books on leadership and cyber security, has been published extensively in print and online, has appeared on radio and television, and has featured in printed media. He is a columnist at Help Net Security and has been the Cloud Security Alliance Norway chapter president since 2012.

Kai is a passionate public speaker who engages his audience with his entertaining style and deep knowledge of human behaviours, psychology and cyber security. He is a Fellow of the National Cybersecurity Institute and runs a blog on information security and culture (roer.com). Kai is the host of Security Culture TV, a monthly video and podcast.

Series information

Build a Security Culture is part of the Fundamentals Series, co-published by IT Governance Publishing and Information Security Buzz.
Do you trust the Cloud? Should you trust the Cloud?

'Cloud Computing' are the words on everyone's lips - it's the latest technology, the way forward. But how safe is it? Is it reliable? How secure will your information be?

Questions ...

Cloud Computing: Assessing the risks answers these questions and many more. Using jargon-free language and relevant examples, analogies and diagrams, it is an up-to-date, clear and comprehensive guide to the security, governance, risk, and compliance elements of Cloud Computing.

Written by three internationally renowned experts, this book discusses the primary concerns of most business leaders - the security and risk elements of the Cloud. But 'security and risk' are just two elements of Cloud Computing, and this book focuses on all the critical components of a successful cloud programme including - compliance, risk, reliability, availability, areas of responsibility, Cloud Computing borders, legalities, digital forensics and business continuity. This book covers them all.

... and answers

This book will enable you to:
* understand the different types of Cloud and know which is the right one for your business
* have realistic expectations of what a Cloud service can give you, and enable you to manage it in the way that suits your business
* minimise potential disruption by successfully managing the risks and threats
* make appropriate changes to your business in order to seize opportunities offered by Cloud
* set up an effective governance system and benefit from the consequential cost savings and reductions in expenditure
* understand the legal implications of international data protection and privacy laws, and protect your business against falling foul of such laws
* appreciate how the Cloud can benefit your business continuity and disaster recovery planning.
This practical guide recognises that every organisation functions differently, has different goals, and faces different challenges. It will give you the tools you need to understand the factors influencing your organisation, to identify how your business must respond, and to implement the necessary changes.
The Agile auditing challenge

Many auditors are now encountering Agile management methodologies for the first time. In some cases, this can cause problems for the audit process because the methodology is very different from traditional approaches. Aside from the difficulties faced by the auditor, an ineffective audit can have a negative effect on an Agile project by giving a false impression of its progress. It might even harm the final project outcome.

Bridging the gap between Agile teams and Auditors

Written for auditors and Agile managers, Agile Governance and Audit bridges the gap between traditional auditing approaches and the requirements of Agile methodologies. It provides an overview of Agile for auditors and other risk professionals who have not encountered the approach before. The book also tells Agile teams what auditors and risk professionals need, and the sort of questions they are likely to ask.

Essential reading for anyone involved in an Agile audit

Each chapter includes hints and tips for auditors, and a selection of case studies is included to illustrate the practical issues involved in auditing Agile projects. This makes it an ideal book for any auditor encountering the Agile methodology, and any Agile teams preparing for a management audit.

This book will enable you to:
* understand the principles of Agile
* appreciate how it might be effectively audited
* improve communication between the auditor and the Agile team.

Read this book to understand how to get the most out of Agile audits, whatever your role.