IT Governance, Risk, and Compliance:

Information Security Governance


September 30, 2011  8:54 PM

Auditing Information Security Governance – Part III



Posted by: Robert Davis
Certified Information Systems Auditor, Certified Information Technology Professional, Certified Internal Auditor, Certified Internal Controls Auditor, Certified Public Accountant, External Audit, Information Security Governance, Internal Audit, ISG, IT Audit

Reflective of ISACA standards and guidelines, the IT audit process should be replicated within for-profit and not-for-profit entities. Foundational assurance topics which should be considered from a management perspective are presented within the Information...

September 27, 2011  8:19 PM

Auditing Information Security Governance – Part II



Posted by: Robert Davis
Certified Information Systems Auditor, Certified Information Technology Professional, Certified Internal Auditor, Certified Internal Controls Auditor, Certified Public Accountant, External Audit, Information Security Governance, Internal Audit, ISG, IT Audit

Management is responsible for developing and deploying good security governance, which has been typically defined to include resilient protection regarding the IT infrastructure and related information systems supporting critical functions and business processes. Within the information security...


September 23, 2011  7:47 PM

Auditing Information Security Governance – Part I



Posted by: Robert Davis
Certified Information Systems Auditor, Certified Information Technology Professional, Certified Internal Auditor, Certified Internal Controls Auditor, Certified Public Accountant, External Audit, Information Security Governance, Internal Audit, ISG, IT Audit

Governance supports stakeholder expectations related to management’s fiduciary responsibilities. Governance also reflects how an entity achieves its stated mission. Specifically, governance can be considered the program by which entities are directed and controlled.


July 26, 2011  8:04 PM

Business Continuity and IT Availability – Part VIII



Posted by: Robert Davis
Backup, BCM, BCP, Business Continuity, Crisis Management, Disaster Recovery, DRP, Information Security Governance, Information Security Service Management, Information Technology Service Management, ISG, ISSM, ITSM, Service Delivery, Service Disruption, Threat Management

Directly, an entity’s DRP has a significant effect on the viability of IT and information security governance programs. Indirectly, IT and information security governance programs may impact stakeholder-assessed entity value. Regardless of organizational formation -- corporation, partnership,...


July 22, 2011  5:35 PM

Business Continuity and IT Availability – Part VII



Posted by: Robert Davis
Backup, BCM, BCP, Business Continuity, Crisis Management, Disaster Recovery, DRP, Information Security Governance, Information Security Service Management, Information Technology Service Management, ISG, ISSM, ITSM, Service Delivery, Service Disruption, Threat Management

Through establishment and deployment of an emergency management program, top-level personnel can send a clear message to everyone in the entity that business continuity and disaster recovery control...


July 19, 2011  8:04 PM

Business Continuity and IT Availability – Part VI



Posted by: Robert Davis
Backup, BCM, BCP, Business Continuity, Crisis Management, Disaster Recovery, DRP, Information Security Governance, Information Security Service Management, Information Technology Service Management, ISG, ISSM, ITSM, Service Delivery, Service Disruption, Threat Management

Considering the interconnectivity of national economies through computer networks, entities are more vulnerable than ever to the possibility of technical difficulties disrupting business at any point in the communication chain. From flood or fire to computer-virus or denial-of-service, disasters...


July 15, 2011  2:44 AM

Business Continuity and IT Availability – Part V



Posted by: Robert Davis
Backup, BCM, BCP, Business Continuity, Crisis Management, Disaster Recovery, DRP, Information Security Governance, Information Security Service Management, Information Technology Service Management, ISG, ISSM, ITSM, Service Delivery, Service Disruption, Threat Management

Managerial concerns normally include: excessive business costs, forgone business opportunities, and potential revenue losses. When a business interruption occurs, restored information assets may affect operational effectiveness and efficiency. ...


July 12, 2011  9:32 PM

Business Continuity and IT Availability – Part IV



Posted by: Robert Davis
Backup, BCM, BCP, Business Continuity, Crisis Management, Disaster Recovery, DRP, Information Security Governance, Information Security Service Management, Information Technology Service Management, ISG, ISSM, ITSM, Service Delivery, Service Disruption, Threat Management

Where accepted as a managerial responsibility, an adequate ISG program should have security professionals participating in system life cycle design, acquisition, testing, and maintenance phases to ensure business continuity as well as availability requirements are appropriately incorporated, that...


July 8, 2011  10:25 PM

Business Continuity and IT Availability – Part III



Posted by: Robert Davis
Backup, BCM, BCP, Business Continuity, Crisis Management, Disaster Recovery, DRP, Information Security Governance, ISG, Service Delivery, Service Disruption, Threat Management

Governance usually occurs at different organizational strata, with activities flowing from processes, with processes linking up to systems, and programs receiving objectives from the entity’s oversight committee through established reporting lines. Alternatively or...


November 19, 2009  9:16 PM

Second-Tier Governance Deployment – Part V



Posted by: Robert Davis
CISM, Decision Theory, Fiduciary Responsibility, Framework, Governance Tree, Information Security Governance, Information Security Management, Information Theory, ISG, ISM, ITGI, Node, Safeguarding, Stakeholder

Governance usually occurs at different organizational strata, with procedures tailored for processes, with processes linking up to systems, and programs receiving objectives from the entity's oversight committee through established...

