IT Governance, Risk, and Compliance:

CISA


December 30, 2009  7:03 PM

IT Audit Verification Planning: Resolving Technique Selection – Part IV



Posted by: Robert Davis
AA, Applications, Assurance Service, Audit Assurance, CI, CIA, CICA, CISA, CITP, Compliance Testing, Configuration Item, Files, Information Asset, Information Technology, Infrastructure, IT, IT Audit, PM, Program, Project Management, Risk Management, Substantive Testing, Testing Techniques

Auditing IT configurations involves performing compliance and substantive tests on a selected

December 28, 2009  9:08 PM

IT Audit Verification Planning: Resolving Technique Selection – Part III



Posted by: Robert Davis
AA, Applications, Audit Assurance, CI, CICA, CISA, CITP, Compliance Testing, Configuration Item, Files, Information Asset, Information Technology, Infrastructure, IT, IT Audit, PM, Program, Project Management, Risk Management, Substantive Testing, Testing Techniques

Auditing electronically encoded programs can also involve compliance and substantive testing. Compliance testing usually involves testing programs for controls. Techniques for auditing programs are primarily oriented toward...


December 23, 2009  8:11 PM

IT Audit Verification Planning: Resolving Technique Selection – Part II



Posted by: Robert Davis
AA, Applications, Assurance Service, Audit Assurance, CI, CICA, CISA, CITP, Compliance Testing, Configuration Item, Files, Information Asset, Information Technology, Infrastructure, IT, IT Audit, PM, Program, Project Management, Risk Management, Substantive Testing, Testing Techniques

Compliance testing is the primary method employed to verify stated controls are operating effectively, while substantive testing is the primary method utilized to increase audit assurance. For instance, an IT auditor may reperform compliance testing, documented by an entity’s


November 16, 2009  8:13 PM

Second-Tier Governance Deployment – Part IV



Posted by: Robert Davis
CISA, CISM, Concentrator, Decision Theory, Fiduciary Responsibility, Framework, Governance Tree, Information Security Governance, Information Security Management, Information Theory, ISG, ISM, Multiplexor, Node, Stakeholder

Abstraction levels are developed based on perceived usefulness. Second-tier Governance Tree information nodes can be viewed in the context of programs, systems, and processes. Pragmatically, establishment of entity-level governance is a second-tier


January 30, 2009  7:25 PM

Safeguarding Information Assets – Part IV



Posted by: Robert Davis
CISA, CISM, COBIT, Information Asset Protection, Information Security Governance, Information Security Management, ISACA, IT Controls, Security Frameworks

Generally, three unique elements are required for adequate information security architectures: people, processes and technology. For most entities, designing and operating adequate safeguards is an extremely complex process requiring a total...


January 27, 2009  8:09 PM

Safeguarding Information Assets – Part III



Posted by: Robert Davis
CISA, CISM, COBIT, Information Asset Protection, Information Security Governance, Information Security Management, ISACA, IT Controls, Security Frameworks

Protection-of-information-assets reflects the development and deployment of security controls to support ISG. Commonly, protection-of-information-assets requires implementing:

  • Logical Access Controls
  • Network Infrastructure...


January 24, 2009  6:30 PM

Safeguarding Information Assets – Part II



Posted by: Robert Davis
CISA, CISM, COBIT, Information Asset Protection, Information Security Governance, Information Security Management, ISACA, IT Controls, Security Frameworks

Responsibilities separation commonly employs segregation-of-functions and segregation-of-duties methodologies. Segregation-of-functions is the construction of individual work units – such as divisional, departmental or sectional organizational groups – to achieve management’s intentions while...


January 23, 2009  7:31 PM

Safeguarding Information Assets – Part I



Posted by: Robert Davis
CISA, CISM, COBIT, Information Asset Protection, Information Security Governance, Information Security Management, ISACA, IT Controls, Security Frameworks

Explicitly or implicitly, safeguarding assets is an inescapable fiduciary obligation bestowed on managers, whether the entity exists for-profit or not-for-profit. Fiduciary duties are an inherent managerial responsibility correlated to accountability that can be conveyed through legislation,...

