IT Governance, Risk, and Compliance:

March, 2009

1

March 31, 2009  9:36 PM

Control Assessments – Part IV



Posted by: Robert Davis
Assurance Services, Control Self-assessment, CSA, IAP, ICR, Illegal Acts, Information Asset Protection, Information Security Management, Internal Control Review, Irregularities

Arguably, data security is the most significant domain supporting information reliability. Entity oversight committees should monitor control activities for on-going relevance and effectiveness as well as responses to information security...

March 28, 2009  8:20 PM

Control Assessments – Part III



Posted by: Robert Davis
Assurance Services, Control Self-assessment, CSA, IAP, ICR, Illegal Acts, Information Asset Protection, Information Security Management, Internal Control Review, Irregularities

Information security managers should prepare for audits utilizing control self-assessments to verify compliance with laws, regulations, policies and procedures. It is always a sound idea to strategically plan annual control self-assessments....


March 24, 2009  7:11 PM

Control Assessments – Part II



Posted by: Robert Davis
Assurance Services, Control Self-assessment, CSA, IAP, ICR, Illegal Acts, Information Asset Protection, Information Security Management, Internal Control Review, Irregularities

Management needs to understand the status of the entity's IT systems to decide what safeguarding mechanisms should be deployed to meet business requirements. When IAP monitoring is built into the entity's operating activities, and process performance is reviewed on a real-time basis; control...


March 19, 2009  7:56 PM

Control Assessments – Part I



Posted by: Robert Davis
Assurance Services, Control Self-assessment, CSA, IAP, Illegal Acts, Information Asset Protection, Information Security Management, Internal Control Review, Irregularities

For most entities, information and related technologies compliance management is critical to survival as well as success. As with other organizational programs, security compliance does not occur through managerial intent transmissions from a remote planet in some distant galaxy far, far away....


March 16, 2009  7:01 PM

Physical Token Protection – Part IV



Posted by: Robert Davis
Availability, CIA, Confidentiality, Functionality, Identification, Information Security Management, Integrity, ISM, IT Security, Laws and Regulations, Quality, Service Level Agreement, SLA, Token, Usability

Regarding provisioning physical authentication mediums, an entity's deployed access control process should clearly define the way encoded identification is delivered to users -- within the context of promoting adequate confidentiality, integrity and availability. Specifically, the process to...


March 12, 2009  6:41 PM

Physical Token Protection – Part III



Posted by: Robert Davis
Availability, CIA, Confidentiality, Functionality, Identification, Information Security Management, Integrity, ISM, IT Security, Laws and Regulations, Quality, Service Level Agreement, SLA, Token, Usability

As a corollary requirement, when considering physical tokens, functionality is directly related to capabilities. Consequently, physical token appropriateness should be evaluated based on the set of attributes applicable to the existing set of activities and their specific properties. In other...


March 9, 2009  6:56 PM

Physical Token Protection – Part II



Posted by: Robert Davis
Availability, CIA, Confidentiality, Functionality, Identification, Information Security Management, Integrity, ISM, IT Security, Laws and Regulations, Service Level Agreement, SLA, Token, Usability

Information asset usability implies availability to perform requested services as well as transparency. Determining physical token usability necessitates assessing relevant and pertinent services for the access process as well as secure user delivery in a timely, correct, and consistent manner....


March 6, 2009  7:50 PM

Physical Token Protection – Part I



Posted by: Robert Davis
Availability, CIA, Confidentiality, Functionality, Identification, Information Security Management, Integrity, ISM, IT Security, Laws and Regulations, Token, Usability

Organizationally, information security normally is considered a program enabling and optimizing IT security services for the entity in order to satisfy business requirements, while simultaneously providing strategic and tactical IT security infrastructure management that complies with applicable...


March 3, 2009  4:05 AM

Peer-to-Peer Networking – Part 2



Posted by: Robert Davis
Applications, HDLC, Infrastructure, Network Access Protection, P2P, Password-Protected Share, Peer-to-Peer, Performance, Privacy, Security Risks, Share-level Security, X.25

Maybe, experientially, the small branch office with a P2P network has escaped a security incident since deployment. Even so, a functional P2P network unintentionally presents itself as a potential target waiting for someone capable of pulling the threat trigger to introduce a potent security...


1

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: