IT Governance, Risk, and Compliance:

IAP


May 7, 2009  11:14 PM

Developing Objectives – Part III



Posted by: Robert Davis
Accountability, Behavioral Management, Benchmarking, Goals, IAP, Information Asset Protection, Information Security Governance, Information Security Management, ISG, ISM, Management by Objectives, MBO, Planning Committee, Resource Allocation, Responsibility

A system for disseminating information security management objectives is considered fundamental to obtain employee commitment. One way to communicate entity-centric information security objectives is clear and concise policies. Information security...

Bookmark and Share     0 Comments     RSS Feed     Email a friend

May 4, 2009  6:32 PM

Developing Objectives – Part II



Posted by: Robert Davis
Accountability, Behavioral Management, Benchmarking, Goals, IAP, Information Asset Protection, Information Security Governance, Information Security Management, ISG, ISM, Management by Objectives, MBO, Planning Committee, Resource Allocation, Responsibility

Within behavioral management theory, entity leaders have alternative approaches available to accomplish information assets safeguarding objectives development -- including participative, consultative, free rein, and autocratic models....


March 31, 2009  9:36 PM

Control Assessments – Part IV



Posted by: Robert Davis
Assurance Services, Control Self-assessment, CSA, IAP, ICR, Illegal Acts, Information Asset Protection, Information Security Management, Internal Control Review, Irregularities

Arguably, data security is the most significant domain supporting information reliability. Entity oversight committees should monitor control activities for on-going relevance and effectiveness as well as responses to information security...


March 28, 2009  8:20 PM

Control Assessments – Part III



Posted by: Robert Davis
Assurance Services, Control Self-assessment, CSA, IAP, ICR, Illegal Acts, Information Asset Protection, Information Security Management, Internal Control Review, Irregularities

Information security managers should prepare for audits utilizing control self-assessments to verify compliance with laws, regulations, policies and procedures. It is always a sound idea to strategically plan annual control self-assessments....


March 24, 2009  7:11 PM

Control Assessments – Part II



Posted by: Robert Davis
Assurance Services, Control Self-assessment, CSA, IAP, ICR, Illegal Acts, Information Asset Protection, Information Security Management, Internal Control Review, Irregularities

Management needs to understand the status of the entity's IT systems to decide what safeguarding mechanisms should be deployed to meet business requirements. When IAP monitoring is built into the entity's operating activities, and process performance is reviewed on a real-time basis; control...


March 19, 2009  7:56 PM

Control Assessments – Part I



Posted by: Robert Davis
Assurance Services, Control Self-assessment, CSA, IAP, Illegal Acts, Information Asset Protection, Information Security Management, Internal Control Review, Irregularities

For most entities, information and related technologies compliance management is critical to survival as well as success. As with other organizational programs, security compliance does not occur through managerial intent transmissions from a remote planet in some distant galaxy far, far away....


February 23, 2009  9:26 PM

Legal Compliance Alignment – Part IV



Posted by: Robert Davis
FCPA, Foreign Corrupt Practices Act, GLBA, Gramm-Leach-Bliley Act, Health Insurance Portability and Accountability Act, HIPAA, IAP, Information Asset Protection, Information Security Governance, Information Security Management, ISG, ISM, Sarbanes Oxley Act, SOA, SOX

When exploring links between national and international arenas, the information security manager will discover international developments decisively impact national laws. Specifically, regional coalitions have enacted IAP related edicts that subsequently were codified in national laws and...


February 19, 2009  8:47 PM

Legal Compliance Alignment – Part III



Posted by: Robert Davis
FCPA, Foreign Corrupt Practices Act, GLBA, Gramm-Leach-Bliley Act, Health Insurance Portability and Accountability Act, HIPAA, IAP, Information Asset Protection, Information Security Governance, Information Security Management, ISG, ISM, Sarbanes Oxley Act, SOA, SOX

There are numerous global, regional as well as national laws and regulations focusing on information assets protection (IAP) requiring professional consideration. In particular, at...


February 16, 2009  8:00 PM

Legal Compliance Alignment – Part II



Posted by: Robert Davis
FCPA, Foreign Corrupt Practices Act, GLBA, Gramm-Leach-Bliley Act, Health Insurance Portability and Accountability Act, HIPAA, IAP, Information Asset Protection, Information Security Governance, Information Security Management, ISG, ISM, Sarbanes Oxley Act, SOA, SOX

Simultaneous compliance with multiple laws and regulations can create unique challenges for most entities. Selectively, potential compliance hurdles include distinct internal management groups pursuing equivalent goals; diverse audit perspectives, priorities, and requirements; as well as confusion...


February 12, 2009  10:22 PM

Legal Compliance Alignment – Part I



Posted by: Robert Davis
FCPA, Foreign Corrupt Practices Act, GLBA, Gramm-Leach-Bliley Act, Health Insurance Portability and Accountability Act, HIPAA, IAP, Information Asset Protection, Information Security Governance, Information Security Management, ISG, ISM, Sarbanes Oxley Act, SOA, SOX

Institutionalized information security governance defines the information assets safeguarding perimeter inside which an entity should operate. Whereas, legal compliance management ensures structural boundary segments are sturdy and the entity consistently fulfills its mission within externally...


Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: