IT Governance, Risk, and Compliance:

Information Asset Protection


March 19, 2009  7:56 PM

Control Assessments – Part I



Posted by: Robert Davis
Assurance Services, Control Self-assessment, CSA, IAP, Illegal Acts, Information Asset Protection, Information Security Management, Internal Control Review, Irregularities

For most entities, information and related technologies compliance management is critical to survival as well as success. As with other organizational programs, security compliance does not occur through managerial intent transmissions from a remote planet in some distant galaxy far, far away....

February 23, 2009  9:26 PM

Legal Compliance Alignment – Part IV



Posted by: Robert Davis
FCPA, Foreign Corrupt Practices Act, GLBA, Gramm-Leach-Bliley Act, Health Insurance Portability and Accountability Act, HIPAA, IAP, Information Asset Protection, Information Security Governance, Information Security Management, ISG, ISM, Sarbanes Oxley Act, SOA, SOX

When exploring links between national and international arenas, the information security manager will discover international developments decisively impact national laws. Specifically, regional coalitions have enacted IAP related edicts that subsequently were codified in national laws and...


February 19, 2009  8:47 PM

Legal Compliance Alignment – Part III



Posted by: Robert Davis
FCPA, Foreign Corrupt Practices Act, GLBA, Gramm-Leach-Bliley Act, Health Insurance Portability and Accountability Act, HIPAA, IAP, Information Asset Protection, Information Security Governance, Information Security Management, ISG, ISM, Sarbanes Oxley Act, SOA, SOX

There are numerous global, regional as well as national laws and regulations focusing on information assets protection (IAP) requiring professional consideration. In particular, at...


February 16, 2009  8:00 PM

Legal Compliance Alignment – Part II



Posted by: Robert Davis
FCPA, Foreign Corrupt Practices Act, GLBA, Gramm-Leach-Bliley Act, Health Insurance Portability and Accountability Act, HIPAA, IAP, Information Asset Protection, Information Security Governance, Information Security Management, ISG, ISM, Sarbanes Oxley Act, SOA, SOX

Simultaneous compliance with multiple laws and regulations can create unique challenges for most entities. Selectively, potential compliance hurdles include distinct internal management groups pursuing equivalent goals; diverse audit perspectives, priorities, and requirements; as well as confusion...


February 12, 2009  10:22 PM

Legal Compliance Alignment – Part I



Posted by: Robert Davis
FCPA, Foreign Corrupt Practices Act, GLBA, Gramm-Leach-Bliley Act, Health Insurance Portability and Accountability Act, HIPAA, IAP, Information Asset Protection, Information Security Governance, Information Security Management, ISG, ISM, Sarbanes Oxley Act, SOA, SOX

Institutionalized information security governance defines the information assets safeguarding perimeter inside which an entity should operate, whereas legal compliance management ensures structural boundary segments are sturdy and the entity consistently fulfills its mission within externally...


February 5, 2009  9:38 PM

Access Control Convergence – Part 2



Posted by: Robert Davis
Access Controls, Accountability, Authentication, Authorization, Distributed Platforms, Identification, Information Asset Protection, Infrastructure, Logical Security, Physical Security

Integrated policies improving access control are needed to increase safeguarding capabilities. Furthermore, due to technological and operational diversity, it is critical to have standard processes to control access that will permit economies of scale. Potential candidates for access control...


February 2, 2009  7:38 PM

Access Control Convergence – Part 1



Posted by: Robert Davis
Access Controls, Accountability, Authentication, Authorization, Distributed Platforms, Identification, Information Asset Protection, Infrastructure, Logical Security, Physical Security

Computer technology continues to advance toward a tiered decentralized world of distributed platforms for entering, processing, and retrieving information. Technological implementations are diverse and complex; however, all IT deployments should be protected from unauthorized usage utilizing...


January 30, 2009  7:25 PM

Safeguarding Information Assets – Part IV



Posted by: Robert Davis
CISA, CISM, COBIT, Information Asset Protection, Information Security Governance, Information Security Management, ISACA, IT Controls, Security Frameworks

Generally, three unique elements are required for adequate information security architectures: people, processes and technology. For most entities, designing and operating adequate safeguards is an extremely complex process requiring a total...


January 27, 2009  8:09 PM

Safeguarding Information Assets – Part III



Posted by: Robert Davis
CISA, CISM, COBIT, Information Asset Protection, Information Security Governance, Information Security Management, ISACA, IT Controls, Security Frameworks

Protection-of-information-assets reflects the development and deployment of security controls to support ISG. Commonly, protection-of-information-assets requires implementing:

  • Logical Access Controls
  • Network Infrastructure...


January 24, 2009  6:30 PM

Safeguarding Information Assets – Part II



Posted by: Robert Davis
CISA, CISM, COBIT, Information Asset Protection, Information Security Governance, Information Security Management, ISACA, IT Controls, Security Frameworks

Responsibilities separation commonly employs segregation-of-functions and segregation-of-duties methodologies. Segregation-of-functions is the construction of individual work units – such as divisional, departmental or sectional organizational groups – to achieve management’s intentions while...

