IT Governance, Risk, and Compliance:

May, 2011

1

May 31, 2011  8:17 PM

Effective Employment Practices for Protecting IT – Part VIII

Robert Davis Robert Davis Profile: Robert Davis

Technology is an enabler, not a solution, for deploying and executing a sound information assets protection (IAP) strategy. Responsibility for executing IAP should be shared across the entity, making all employees accountable as part of a well...

May 27, 2011  9:33 PM

Effective Employment Practices for Protecting IT – Part VII

Robert Davis Robert Davis Profile: Robert Davis

Requiring periodic confirmation by employees of their safeguarding responsibilities will not only reinforce IT security policies, but potentially deter individuals...


May 24, 2011  7:49 PM

Effective Employment Practices for Protecting IT – Part VI

Robert Davis Robert Davis Profile: Robert Davis

Formal, documented entity-centric job (position) descriptions should exist for each entity employee that clearly conveys duties, prohibitions, and reporting relationships. Typically, position descriptions are prepared based on job analyses --...


May 20, 2011  9:54 PM

Effective Employment Practices for Protecting IT – Part V

Robert Davis Robert Davis Profile: Robert Davis

Stepwise, due care infers activity responsibility; whereby due diligence infers activity continuality. Often considered the ‘prudent person’ rule for professionals, discerning individuals...


May 17, 2011  9:18 PM

Effective Employment Practices for Protecting IT – Part IV

Robert Davis Robert Davis Profile: Robert Davis

Usually, it is easier to purchase an automated solution addressing IT control practices than to change an entity’s culture. Nevertheless; even the most secure system will not achieve a significant degree of protection if utilized by “


May 13, 2011  8:48 PM

Effective Employment Practices for Protecting IT – Part III

Robert Davis Robert Davis Profile: Robert Davis

The threat of insiders to data should not be underestimated. If an entity is to be successful in preventing security breaches, it must have effective policies that minimize the chance of hiring or promoting individuals with low levels of honesty, especially for positions of trust. Supporting this...


May 10, 2011  7:56 PM

Effective Employment Practices for Protecting IT – Part II

Robert Davis Robert Davis Profile: Robert Davis

Stakeholders expect managerial personnel to run the entity in accordance with accepted business practices, while maintaining compliance with applicable laws and regulations. An appropriate managerial tone should be established and...


May 6, 2011  10:09 PM

Effective Employment Practices for Protecting IT – Part I

Robert Davis Robert Davis Profile: Robert Davis

Based on extensive research by various knowledge leaders, the greatest harm or disruption to IT-based information services emanates from intentional or unintentional actions of internally employed individuals. Frequently, information systems experience disruption, damage, loss or other adverse...


May 3, 2011  9:33 PM

Right-sizing IT Controls – Part VIII

Robert Davis Robert Davis Profile: Robert Davis

Deploying key IT governance practices enhance an entity’s ability to meet control objectives for cost, functionality, and quality. Yet, regardless of the IT control techniques and automated tools available, the...


1

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: