information security compliance

Write 300 or more words to answer all the questions below in paragraph form in apa format with 3 references. Answer all parts below in one paper 300 or more words!



1. What is IT Security Auditing? What does it involve?
2. Why are Governance and Compliance Important?



3. Explain in details the roles and responsibilities in an organization associated with the following:


  • Risk Manager
  • Auditor
  • Executive Manager


4. Define the Certification and Accreditation (C&A) Process and briefly discuss the phases of C&A.