It Governance: An International Guide to Data Security and ISO 27001/ISO 27002

I was recently assigned ISO 27K Custodian and Internal Auditor as an additional duty. This book gives me ideas on questions to ask during the internal audits and it may be useful for planning audits in the future so SMEs who are responsible for related controls can get all of their controls done at once.

Title starts with "IT Governance" but it is, in fact, a good book about the ISO 2700x set of standards. What it does NOT cover, are models of management of an IT department within an organization, something also called "IT Governance". Maybe I would have been more at ease with Infosec Governance or IT Cyber Governance, in this regard.