IT Governance, Risk, and Compliance:

Information Assets Protection


April 21, 2013  2:16 AM

Revisiting the Safeguarding of Information Assets – Part IX



Posted by: Robert Davis
Information Assets Protection, Information Security, Information Security Governance, Information Security Management, IT Controls, Security Frameworks

When links between national and international arenas are considered, international developments have decisively impacted national laws. Specifically; regional coalitions have enacted IAP related edicts that subsequently were codified in national laws and regulations. Procedurally, most regional...

April 19, 2013  2:35 AM

Revisiting the Safeguarding of Information Assets – Part VIII



Posted by: Robert Davis
Information Assets Protection, Information Security, Information Security Governance, Information Security Management, IT Controls, Security Frameworks

There are numerous global, regional as well as national laws and regulations focusing on IAP that require professional consideration. In particular, at the global level, the World Intellectual Property Organisation (WIPO) and World Trade Organization (WTO) have constructed legally binding...


April 14, 2013  2:49 AM

Revisiting the Safeguarding of Information Assets – Part VII



Posted by: Robert Davis
Information Assets Protection, Information Security, Information Security Governance, Information Security Management, IT Controls, Security Frameworks

Generally, determining an entity’s legal mandates exceeds the security function’s ambit. Nonetheless, overseeing applicable legally required control composition, implementation and evaluation are occupational security imperatives.  To reduce potential negative effects of cross-compliance as...


April 11, 2013  8:24 PM

Revisiting the Safeguarding of Information Assets – Part VI



Posted by: Robert Davis
Information Assets Protection, Information Security, Information Security Governance, Information Security Management, IT Controls, Security Frameworks

Regulatory agencies are generally designed to operate with minimum executive or legislative supervision. Theoretically, a commission of experts is more suitable for regulating an industry’s activities than legislative or executive oversight committees. Usually, regulatory agencies are empowered...


April 6, 2013  10:43 PM

Revisiting the Safeguarding of Information Assets – Part V



Posted by: Robert Davis
Information Assets Protection, Information Security, Information Security Governance, Information Security Management, IT Controls, Security Frameworks

Categorically, security implies protection while privacy implies confidentiality.  Laws and regulations have been enacted throughout the world addressing either or both areas as well as intellectual property and contracts.  Compliance with laws and regulations are considered essential to avoid...


April 4, 2013  2:48 PM

Revisiting the Safeguarding of Information Assets – Part IV



Posted by: Robert Davis
Information Assets Protection, Information Security, Information Security Governance, Information Security Management, IT Controls, Security Frameworks

An entity’s management should, and in several countries do, have a legal responsibility to implement an adequate internal control system for preventing, detecting, and conditionally correcting errors, mistakes, omissions, irregularities and illegal acts. Similar to the legal requirement for...


March 30, 2013  6:39 PM

Revisiting the Safeguarding of Information Assets – Part III



Posted by: Robert Davis
Information Assets Protection, Information Security, Information Security Governance, Information Security Management, IT Controls, Security Frameworks

IT safeguarding has generated considerable debate within the audit and management communities since the deployment of computers for performing transaction processing. Specifically, the merits of IT auditor involvement in financial statement audits and managements’ fiduciary ISG...


March 28, 2013  9:41 PM

Revisiting the Safeguarding of Information Assets – Part II



Posted by: Robert Davis
Information Assets Protection, Information Security, Information Security Governance, Information Security Management, IT Controls, Security Frameworks

Considering fiduciary tenets and accepting ISG utilizes a top-down approach for legal requirements compliance, if the entity’s executive management has an established or enforceable fiduciary duty then organizational personnel are expected to adhere to and sustain the defined obligation....


March 23, 2013  5:34 PM

Revisiting the Safeguarding of Information Assets – Part I



Posted by: Robert Davis
Information Assets Protection, Information Security, Information Security Governance, Information Security Management, IT Controls, Security Frameworks

Information Security Governance (ISG) normally addresses creating and implementing a ‘system of security controls’ that enable ethical and/or legal managerial responsibilities fulfillment for information assets protection (IAP). Ethically, management must protect an entity’s information...


January 31, 2013  2:33 AM

eBook excerpt: Assuring Information Security – Part XV



Posted by: Robert Davis
Accountability, Acquire and Implement, Adaptive Systems, Asset Management, Assurance Services, Availability Management, COBIT, COBIT Domains, Control Environment, Control Objectives, Control Objectives for Information and related Technology, Deliver and Support, Due Diligence, Fiduciary Responsibility, Framework, Information Assets Protection, Information Security Governance, Information Security Management, ISG, Key Performance Indicators, Monitor and Evaluate, Performance Measurement, Plan and Organize, Risk Management, Strategic Alignment, Value Delivery

Usually, it is easier to purchase an IT solution addressing IAP than to change a culture.  However; even the most secure system will not achieve a significant degree of protection if utilized by “ill-informed, untrained, careless or indifferent personnel.”  A well-structured information...


Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: