IT Governance, Risk, and Compliance

Jan 26 2013   1:02AM GMT

eBook excerpt: Assuring Information Security – Part XIV



Posted by: Robert Davis
Tags:
Accountability
Acquire and Implement
Adaptive Systems
Asset Management
Assurance Services
Availability Management
COBIT
COBIT Domains
Control Environment
Control Objectives
Control Objectives for Information and related Technology
Deliver and Support
Due Diligence
Fiduciary Responsibility
Framework
Information Assets Protection
Information Security Governance
Information Security Management
ISG
Key Performance Indicators
Monitor and Evaluate
Performance Measurement
Plan and Organize
Risk Management
Strategic Alignment
Value Delivery

With respect to IAP, the information security function should:

  • establish processes for provisioning user accounts
  • ensure all entity positions are reviewed for sensitivity level
  • document procedures for friendly and unfriendly terminations
  • install mechanisms for holding users responsible for their actions
  • verify user access is restricted to information assets consistent with ‘least privilege’ principles
  • retain signed human resources statements documenting appropriate background screenings for positions which individuals are employed
  • monitor whether crucial functions are divided among different individuals to disable the necessary authority or access that could result in irregularities or illegal acts
  • evaluate whether crucial functions are divided among different individuals to disable the necessary authority or access that could result in irregularities or illegal acts

 Comment on this Post

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: