Posted by: Robert Davis
Information Assets Protection, Information Security, Information Security Governance, Information Security Management, IT Controls, Security Frameworks
An entity’s management should have, and in several countries does have, a legal responsibility to implement an adequate internal control system for preventing, detecting, and conditionally correcting errors, mistakes, omissions, irregularities and illegal acts. Similar to the legal requirement for maintaining a ‘system of internal accounting controls,’ some technology-related laws and regulations address only the system of privacy controls for specific information assets, thereby leaving other information security control systems at management’s discretion.
Davis, Robert E. IT Auditing: Irregular and Illegal Acts. Mission Viejo, CA: Pleier Corporation, 2006. CD-ROM.