The role of the IT team spans the full lifecycle of assets. It begins with the procurement and onboarding of IT resources, followed by configuration, governance, and identification of critical infrastructure. To ensure operational continuity, the IT team should establish robust backups, monitor system thresholds, and execute strategic capacity planning.
This book is about learning the IT landscape, perimeter setup, and the interfaces to business applications. The landscape covers all appliances in network, server, and storage management, their configuration, and maintenance. Capacity, incident, and change management are governance activities of the IT team. In addition to these, the auditor has to understand security policies, patching practices, and segregation of networks for proper access control.
Learning IT auditing helps one become an efficient IT engineer. Auditors bring a strong foundation in systems, controls, and risk management. With focused learning and the right mindset, they can transition into engineers who build secure, efficient, and compliant systems from the beginning. Learning IT auditing will help one to become a good IT service executive, administrator, and architect.
WHAT YOU WILL LEARN
● Defining the scope of the IT landscape in supporting the business.
● Implementing controls based on ITIL and ISO 20000.
● Governance mechanisms, assets, configuration, and change management.
● Administering devices, appliances, and storage systems.
● Ensuring continuity and recovery for critical business operations.
● Importance of logging and monitoring for ensuring availability.
● Security controls for IT infrastructure, network, and operations.
● Conducting audits, writing audit reports, and ensuring remediation.
WHO THIS BOOK IS FOR
This book is intended for the middle management team involved in IT service management, risk, quality, and audit management activities. Server, network, and endpoint device administrators, IT architects, risk managers, crisis managers, and system monitoring team leads will benefit by learning to implement required governance and compliance mechanisms in IT service management for their career growth.
Jyothi Ramaswamy is a seasoned risk, security, audit, and compliance professional with over 25 years of experience in the information security domain. Her career spans a distinguished tenure at Tata Consultancy Services Ltd., where she specialized in defining, implementing, reviewing, and auditing controls across complex IT environments. Currently operating as a freelance consultant, auditor, and trainer, Jyothi brings expertise in auditing diverse facets of organizational process management, particularly in the realms of information security and data privacy. Her consulting work is rooted in global standards, with a strong focus on ISO 27001, ISO 20000, ISO 9001, ISO 27701, and CIS controls.
Jyothi is a passionate educator and a certified trainer, known for delivering impactful sessions on cybersecurity, service and quality management, and regulations. Her audit experience spans enterprise networks, firewall-segregated infrastructures, and air-gapped systems. She has played key roles in ISO audits, SSAE assessments, third-party risk evaluations, and internal audits across various business functions. A committed member of professional bodies such as ISACA, IEEE, and GCA, Jyothi actively contributes to local chapters and has led numerous awareness programs on data privacy, cyber risk, and audit methodologies. Her credentials include ISO 27001:2022 Lead Auditor, CRISC – Certified in Risk and Information Systems Control, CISM – Certified Information Security Manager, CRISP – Certified Risk Professional, BS 7799 Lead Implementer, and APMG accredited ISACA Chapter Trainer for CISM and CRISC certifications.
Known for her collaborative spirit, sharp analytical skills, and problem-solving capabilities, Jyothi continues to contribute to the future of audit and security through her thought leadership and hands-on expertise.
