March, 2013

Revisiting the Safeguarding of Information Assets – Part III

IT safeguarding has generated considerable debate within the audit and management communities since the deployment of computers for performing transaction processing. Specifically, the merits of IT auditor involvement in financial statement audits and managements’ fiduciary ISG...

Revisiting the Safeguarding of Information Assets – Part II

Considering fiduciary tenets and accepting ISG utilizes a top-down approach for legal requirements compliance, if the entity’s executive management has an established or enforceable fiduciary duty then organizational personnel are expected to adhere to and sustain the defined obligation....

Revisiting the Safeguarding of Information Assets – Part I

Information Security Governance (ISG) normally addresses creating and implementing a ‘system of security controls’ that enable ethical and/or legal managerial responsibilities fulfillment for information assets protection (IAP). Ethically, management must protect an entity’s information...

Risk Management: Is it just another set of business buzzwords? – Part VIII

IT policies, directives, standards, procedures, and rules should be deployed based on assessed effectiveness and efficiency in addressing managements risk appetite. Deployed controlling and monitoring activities should reflect management’s strategy for ensuring an adequate IT control system. IT...

Risk Management: Is it just another set of business buzzwords? – Part VII

Management should establish standards as baselines for measuring quantity, weight, extent, value, or quality.  Standards can be considered specific goals or objectives against which performance is compared.  Selection of points where performance will be measured is critical to...

Risk Management: Is it just another set of business buzzwords? – Part VI

Controlling and monitoring activities attempting to ensure acceptable risk responses include:

• Policies
• Directives
• Standards
• Procedures
• Rules

Risk Management: Is it just another set of business buzzwords? – Part V

Usually, IT risk analysis has four primary goals:

• Identifying assets and their associated values
• Identifying vulnerabilities and threats
• Quantifying the probability and business impact of potential threats
• Providing an economic balance between threat...

Risk Management: Is it just another set of business buzzwords? – Part IV

The risk management process introduces a systematic approach for identifying, assessing, and reducing risks as well as maintaining defined acceptable risk levels.  An IT risk assessment should be considered a key risk management practice area.  When management institutionalizes an IT governance...

Risk Management: Is it just another set of business buzzwords? – Part III

Similar to business risk management, IT risk management is a continuous process that should be interlaced into the fabric of an entity.  IT risks directly impact an entity’s ability to provide goods and/or services at an acceptable price.  Inherently, computer hardware and software as well as...