April 11, 2013 8:24 PM
Posted by: Robert Davis
Information Assets Protection,
Information Security,
Information Security Governance,
Information Security Management,
IT Controls,
Security Frameworks
Regulatory agencies are generally designed to operate with minimum executive or legislative supervision. Theoretically, a commission of experts is more suitable for regulating an industry’s activities than legislative or executive oversight committees. Usually, regulatory agencies are empowered...
April 6, 2013 10:43 PM
Posted by: Robert Davis
Information Assets Protection,
Information Security,
Information Security Governance,
Information Security Management,
IT Controls,
Security Frameworks
Categorically, security implies protection while privacy implies confidentiality. Laws and regulations have been enacted throughout the world addressing either or both areas, as well as intellectual property and contracts. Compliance with laws and regulations is considered essential to avoid...
April 4, 2013 2:48 PM
Posted by: Robert Davis
Information Assets Protection,
Information Security,
Information Security Governance,
Information Security Management,
IT Controls,
Security Frameworks
An entity’s management should have, and in several countries does have, a legal responsibility to implement an adequate internal control system for preventing, detecting, and conditionally correcting errors, mistakes, omissions, irregularities and illegal acts. Similar to the legal requirement for...
March 30, 2013 6:39 PM
Posted by: Robert Davis
Information Assets Protection,
Information Security,
Information Security Governance,
Information Security Management,
IT Controls,
Security Frameworks
IT safeguarding has generated considerable debate within the audit and management communities since the deployment of computers for performing transaction processing. Specifically, the merits of IT auditor involvement in financial statement audits and management’s fiduciary ISG...
March 28, 2013 9:41 PM
Posted by: Robert Davis
Information Assets Protection,
Information Security,
Information Security Governance,
Information Security Management,
IT Controls,
Security Frameworks
Considering fiduciary tenets, and accepting that ISG utilizes a top-down approach for legal requirements compliance, if the entity’s executive management has an established or enforceable fiduciary duty, then organizational personnel are expected to adhere to and sustain the defined obligation....
March 23, 2013 5:34 PM
Posted by: Robert Davis
Information Assets Protection,
Information Security,
Information Security Governance,
Information Security Management,
IT Controls,
Security Frameworks
Information Security Governance (ISG) normally addresses creating and implementing a ‘system of security controls’ that enables fulfillment of ethical and/or legal managerial responsibilities for information assets protection (IAP). Ethically, management must protect an entity’s information...
January 31, 2013 2:33 AM
Posted by: Robert Davis
Accountability,
Acquire and Implement,
Adaptive Systems,
Asset Management,
Assurance Services,
Availability Management,
COBIT,
COBIT Domains,
Control Environment,
Control Objectives,
Control Objectives for Information and related Technology,
Deliver and Support,
Due Diligence,
Fiduciary Responsibility,
Framework,
Information Assets Protection,
Information Security Governance,
Information Security Management,
ISG,
Key Performance Indicators,
Monitor and Evaluate,
Performance Measurement,
Plan and Organize,
Risk Management,
Strategic Alignment,
Value Delivery
Usually, it is easier to purchase an IT solution addressing IAP than to change a culture. However, even the most secure system will not achieve a significant degree of protection if utilized by “ill-informed, untrained, careless or indifferent personnel.” A well-structured information...
January 26, 2013 1:02 AM
Posted by: Robert Davis
Accountability,
Acquire and Implement,
Adaptive Systems,
Asset Management,
Assurance Services,
Availability Management,
COBIT,
COBIT Domains,
Control Environment,
Control Objectives,
Control Objectives for Information and related Technology,
Deliver and Support,
Due Diligence,
Fiduciary Responsibility,
Framework,
Information Assets Protection,
Information Security Governance,
Information Security Management,
ISG,
Key Performance Indicators,
Monitor and Evaluate,
Performance Measurement,
Plan and Organize,
Risk Management,
Strategic Alignment,
Value Delivery
With respect to IAP, the information security function should:
- establish processes for provisioning user accounts
- ensure all entity positions are reviewed for sensitivity level
- document procedures for friendly and unfriendly terminations
- install...
January 24, 2013 1:54 AM
Posted by: Robert Davis
Accountability,
Acquire and Implement,
Adaptive Systems,
Asset Management,
Assurance Services,
Availability Management,
COBIT,
COBIT Domains,
Control Environment,
Control Objectives,
Control Objectives for Information and related Technology,
Deliver and Support,
Due Diligence,
Fiduciary Responsibility,
Framework,
Information Assets Protection,
Information Security Governance,
Information Security Management,
ISG,
Key Performance Indicators,
Monitor and Evaluate,
Performance Measurement,
Plan and Organize,
Risk Management,
Strategic Alignment,
Value Delivery
1.3 Entity Employees
“The first line of defense from insider threats is the employees themselves.” – Software Engineering Institute (SEI)
Stakeholders expect managerial personnel to run the entity in accordance...