IT Governance, Risk, and Compliance:

January, 2013

1

January 31, 2013  2:33 AM

eBook excerpt: Assuring Information Security – Part XV

Robert Davis Robert Davis Profile: Robert Davis

Usually, it is easier to purchase an IT solution addressing IAP than to change a culture.  However; even the most secure system will not achieve a significant degree of protection if utilized by “ill-informed, untrained, careless or indifferent personnel.”  A well-structured information...

January 26, 2013  1:02 AM

eBook excerpt: Assuring Information Security – Part XIV

Robert Davis Robert Davis Profile: Robert Davis

With respect to IAP, the information security function should:

  • establish processes for provisioning user accounts
  • ensure all entity positions are reviewed for sensitivity level
  • document procedures for friendly and unfriendly terminations
  • install...


January 24, 2013  1:54 AM

eBook excerpt: Assuring Information Security – Part XIII

Robert Davis Robert Davis Profile: Robert Davis

1.3 Entity Employees

“The first line of defense from insider threats is the employees themselves.” – Software Engineering Institute (SEI)
Stakeholders expect managerial personnel to run the entity in accordance...


January 19, 2013  4:35 PM

eBook excerpt: Assuring Information Security – Part XII

Robert Davis Robert Davis Profile: Robert Davis

If management views an IAP program as a methodology for achieving information systems goals and objectives, the adopted processes can enable a series of assessments defining control usefulness and control deployment; while conjunctively correlating effectiveness and efficiency directly linked to...


January 17, 2013  12:01 AM

eBook excerpt: Assuring Information Security – Part XI

Robert Davis Robert Davis Profile: Robert Davis

Roles and responsibilities assignment for providing adequate IAP is typically considered critical to effective and efficient IT security.  However, depending on the entity, IAP management roles and responsibilities may focus solely on IT security or IT and business security.  Roles and...


January 12, 2013  5:59 PM

eBook excerpt: Assuring Information Security – Part X

Robert Davis Robert Davis Profile: Robert Davis

Classically, managers are individuals assigned to and functioning at various responsibility, accountability, and authority levels.  Top-level managers are usually responsible for overall entity direction, accountable to stakeholders, and have the authority to establish measurable and achievable...


January 10, 2013  3:33 AM

eBook excerpt: Assuring Information Security – Part IX

Robert Davis Robert Davis Profile: Robert Davis

In fulfilling addressable COBIT information criteria, an IAP program should include processes and steps for assessing tangible as well as intangible property.  The distinction between tangible and intangible is the physical nature of the property.  Properties having a physical existence -- such...


January 5, 2013  4:52 PM

eBook excerpt: Assuring Information Security – Part VIII

Robert Davis Robert Davis Profile: Robert Davis

1.2 IAP Management

“Applying similar management practices to [i]nformation security management is unavoidable as the security environment keeps on increasing in complexity and insecurity.” – Security...


January 3, 2013  1:35 AM

eBook excerpt: Assuring Information Security – Part VII

Robert Davis Robert Davis Profile: Robert Davis

Compliance...


1

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: