May 31, 2011  8:17 PM

Effective Employment Practices for Protecting IT – Part VIII



Posted by: Robert Davis
Conduct Code, Due Care, Due Diligence, Employment Practices, Information Assets Protection, Misappropriation of Assets, Safeguarding Assurance

Technology is an enabler, not a solution, for deploying and executing a sound information assets protection (IAP) strategy. Responsibility for executing IAP should be shared across the entity, making all employees accountable as part of a well...


May 27, 2011  9:33 PM

Effective Employment Practices for Protecting IT – Part VII



Posted by: Robert Davis
Conduct Code, Due Care, Due Diligence, Employment Practices, Information Assets Protection, Misappropriation of Assets, Safeguarding Assurance

Requiring periodic confirmation by employees of their safeguarding responsibilities will not only reinforce IT security policies, but potentially deter individuals...


May 24, 2011  7:49 PM

Effective Employment Practices for Protecting IT – Part VI



Posted by: Robert Davis
Conduct Code, Due Care, Due Diligence, Employment Practices, Information Assets Protection, Misappropriation of Assets, Safeguarding Assurance

Formal, documented entity-centric job (position) descriptions should exist for each entity employee that clearly conveys duties, prohibitions, and reporting relationships. Typically, position descriptions are prepared based on job analyses --...


May 20, 2011  9:54 PM

Effective Employment Practices for Protecting IT – Part V



Posted by: Robert Davis
Conduct Code, Due Care, Due Diligence, Employment Practices, Information Assets Protection, Misappropriation of Assets, Safeguarding Assurance

Stepwise, due care infers activity responsibility; whereby due diligence infers activity continuality. Often considered the ‘prudent person’ rule for professionals, discerning individuals...


May 17, 2011  9:18 PM

Effective Employment Practices for Protecting IT – Part IV



Posted by: Robert Davis
Conduct Code, Due Care, Due Diligence, Employment Practices, Information Assets Protection, Misappropriation of Assets, Safeguarding Assurance

Usually, it is easier to purchase an automated solution addressing IT control practices than to change an entity’s culture. Nevertheless; even the most secure system will not achieve a significant degree of protection if utilized by “


May 13, 2011  8:48 PM

Effective Employment Practices for Protecting IT – Part III



Posted by: Robert Davis
Conduct Code, Due Care, Due Diligence, Employment Practices, Information Assets Protection, Misappropriation of Assets

The threat of insiders to data should not be underestimated. If an entity is to be successful in preventing security breaches, it must have effective policies that minimize the chance of hiring or promoting individuals with low levels of honesty, especially for positions of trust. Supporting this...


May 10, 2011  7:56 PM

Effective Employment Practices for Protecting IT – Part II



Posted by: Robert Davis
Conduct Code, Due Care, Due Diligence, Employment Practices, Information Assets Protection, Misappropriation of Assets

Stakeholders expect managerial personnel to run the entity in accordance with accepted business practices, while maintaining compliance with applicable laws and regulations. An appropriate managerial tone should be established and...


May 6, 2011  10:09 PM

Effective Employment Practices for Protecting IT – Part I



Posted by: Robert Davis
Conduct Code, Due Care, Due Diligence, Employment Practices, Information Assets Protection, Misappropriation of Assets

Based on extensive research by various knowledge leaders, the greatest harm or disruption to IT-based information services emanates from intentional or unintentional actions of internally employed individuals. Frequently, information systems experience disruption, damage, loss or other adverse...


Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: