IT Governance, Risk, and Compliance:

Due Diligence


March 8, 2013  10:41 PM

Risk Management: Is it just another set of business buzzwords? – Part V



Posted by: Robert Davis
Administrative Control, Asset Management, Business Continuity, Continuity Management, Crisis Management, Decision Making, Due Care, Due Diligence, Enterprise Governance, Event Management, Incident Management, Information Technology, IT, IT Management, Management Information System, Operating Style, Risk Management, Threat Management

Usually, IT risk analysis has four primary goals:

  • Identifying assets and their associated values
  • Identifying vulnerabilities and threats
  • Quantifying the probability and business impact of potential threats
  • Providing an economic balance between threat...

March 7, 2013  1:54 AM

Risk Management: Is it just another set of business buzzwords? – Part IV



Posted by: Robert Davis
Administrative Control, Asset Management, Business Continuity, Continuity Management, Crisis Management, Decision Making, Due Care, Due Diligence, Enterprise Governance, Event Management, Incident Management, Information Technology, IT, IT Management, Management Information System, Operating Style, Risk Management, Threat Management

The risk management process introduces a systematic approach for identifying, assessing, and reducing risks as well as maintaining defined acceptable risk levels.  An IT risk assessment should be considered a key risk management practice area.  When management institutionalizes an IT governance...


March 2, 2013  4:38 PM

Risk Management: Is it just another set of business buzzwords? – Part III



Posted by: Robert Davis
Administrative Control, Asset Management, Business Continuity, Continuity Management, Crisis Management, Decision Making, Due Care, Due Diligence, Enterprise Governance, Event Management, Incident Management, Information Technology, IT, IT Management, Management Information System, Operating Style, Risk Management, Threat Management

Similar to business risk management, IT risk management is a continuous process that should be interlaced into the fabric of an entity.  IT risks directly impact an entity’s ability to provide goods and/or services at an acceptable price.  Inherently, computer hardware and software as well as...


February 28, 2013  2:50 AM

Risk Management: Is it just another set of business buzzwords? – Part II



Posted by: Robert Davis
Administrative Control, Asset Management, Business Continuity, Continuity Management, Crisis Management, Decision Making, Due Care, Due Diligence, Enterprise Governance, Event Management, Incident Management, Information Technology, IT, IT Management, Management System, Operating Style, Risk Management, Threat Management

An entity’s business risk management framework should be a strategic axial enabled to accept diverse strategy spokes. Proactively, business risk management should represent the process whereby an entity methodically addresses risks attached to activities with the objective of achieving sustained...


February 23, 2013  6:44 PM

Risk Management: Is it just another set of business buzzwords? – Part I



Posted by: Robert Davis
Administrative Control, Asset Management, Business Continuity, Continuity Management, Crisis Management, Decision Making, Due Care, Due Diligence, Enterprise Governance, Event Management, Incident Management, Information Technology, IT, IT Management, Management System, Operating Style, Risk Management, Threat Management

Risk management is not an issue any ‘going concern’ should consider a platitude used to demonstrate effective leadership.  Those responsible for governance...


January 31, 2013  2:33 AM

eBook excerpt: Assuring Information Security – Part XV



Posted by: Robert Davis
Accountability, Acquire and Implement, Adaptive Systems, Asset Management, Assurance Services, Availability Management, COBIT, COBIT Domains, Control Environment, Control Objectives, Control Objectives for Information and related Technology, Deliver and Support, Due Diligence, Fiduciary Responsibility, Framework, Information Assets Protection, Information Security Governance, Information Security Management, ISG, Key Performance Indicators, Monitor and Evaluate, Performance Measurement, Plan and Organize, Risk Management, Strategic Alignment, Value Delivery

Usually, it is easier to purchase an IT solution addressing IAP than to change a culture.  However; even the most secure system will not achieve a significant degree of protection if utilized by “ill-informed, untrained, careless or indifferent personnel.”  A well-structured information...


January 26, 2013  1:02 AM

eBook excerpt: Assuring Information Security – Part XIV



Posted by: Robert Davis
Accountability, Acquire and Implement, Adaptive Systems, Asset Management, Assurance Services, Availability Management, COBIT, COBIT Domains, Control Environment, Control Objectives, Control Objectives for Information and related Technology, Deliver and Support, Due Diligence, Fiduciary Responsibility, Framework, Information Assets Protection, Information Security Governance, Information Security Management, ISG, Key Performance Indicators, Monitor and Evaluate, Performance Measurement, Plan and Organize, Risk Management, Strategic Alignment, Value Delivery

With respect to IAP, the information security function should:

  • establish processes for provisioning user accounts
  • ensure all entity positions are reviewed for sensitivity level
  • document procedures for friendly and unfriendly terminations
  • install...


January 24, 2013  1:54 AM

eBook excerpt: Assuring Information Security – Part XIII



Posted by: Robert Davis
Accountability, Acquire and Implement, Adaptive Systems, Asset Management, Assurance Services, Availability Management, COBIT, COBIT Domains, Control Environment, Control Objectives, Control Objectives for Information and related Technology, Deliver and Support, Due Diligence, Fiduciary Responsibility, Framework, Information Assets Protection, Information Security Governance, Information Security Management, ISG, Key Performance Indicators, Monitor and Evaluate, Performance Measurement, Plan and Organize, Risk Management, Strategic Alignment, Value Delivery

1.3 Entity Employees

“The first line of defense from insider threats is the employees themselves.” – Software Engineering Institute (SEI)
Stakeholders expect managerial personnel to run the entity in accordance...


January 19, 2013  4:35 PM

eBook excerpt: Assuring Information Security – Part XII



Posted by: Robert Davis
Accountability, Acquire and Implement, Adaptive Systems, Asset Management, Assurance Services, Availability Management, COBIT, COBIT Domains, Control Environment, Control Objectives, Control Objectives for Information and related Technology, Deliver and Support, Due Diligence, Fiduciary Responsibility, Framework, Information Assets Protection, Information Security Governance, Information Security Management, ISG, Key Performance Indicators, Monitor and Evaluate, Performance Measurement, Plan and Organize, Risk Management, Strategic Alignment, Value Delivery

If management views an IAP program as a methodology for achieving information systems goals and objectives, the adopted processes can enable a series of assessments defining control usefulness and control deployment; while conjunctively correlating effectiveness and efficiency directly linked to...


January 17, 2013  12:01 AM

eBook excerpt: Assuring Information Security – Part XI



Posted by: Robert Davis
Accountability, Acquire and Implement, Adaptive Systems, Asset Management, Assurance Services, Availability Management, COBIT, COBIT Domains, Control Environment, Control Objectives, Control Objectives for Information and related Technology, Deliver and Support, Due Diligence, Fiduciary Responsibility, Framework, Information Assets Protection, Information Security Governance, Information Security Management, ISG, Key Performance Indicators, Monitor and Evaluate, Performance Measurement, Plan and Organize, Risk Management, Strategic Alignment, Value Delivery

Roles and responsibilities assignment for providing adequate IAP is typically considered critical to effective and efficient IT security.  However, depending on the entity, IAP management roles and responsibilities may focus solely on IT security or IT and business security.  Roles and...


Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: