IT Governance, Risk, and Compliance:

IT Controls


June 7, 2013  4:20 AM

Revisiting the Safeguarding of Information Assets – Part XXII



Posted by: Robert Davis
Information Assets Protection, Information Security, Information Security Governance, Information Security Management, IT Controls, Security Frameworks

An entity in a multiple-compliance scenario may benefit by developing a centralized oversight function that evaluates controls across all compliance arenas, interfaces with auditors for each compliance area and provides direction on the most cost-effective controls that maximize total compliance...

June 3, 2013  3:16 AM

Revisiting the Safeguarding of Information Assets – Part XXI



Posted by: Robert Davis
Information Assets Protection, Information Security, Information Security Governance, Information Security Management, IT Controls, Security Frameworks

Generally, there are three main dimensions to jurisdiction decisions: procedural, substantive, and enforcement issues.  Procedural jurisdiction considers which court or state has the proper authority.  Substantive jurisdiction determines which rules should be applied.  Whereby, enforcement...


June 1, 2013  1:43 AM

Revisiting the Safeguarding of Information Assets – Part XX



Posted by: Robert Davis
Information Assets Protection, Information Security, Information Security Governance, Information Security Management, IT Controls, Security Frameworks

International jurisdiction is based predominantly on geographical world division into national territories. Within these geographical divisions, each established government has the sovereign right to exercise magistracy over its territory. However, upon detection of an illegal act, if a citizen of...


May 25, 2013  11:51 PM

Revisiting the Safeguarding of Information Assets – Part XIX



Posted by: Robert Davis
Information Assets Protection, Information Security, Information Security Governance, Information Security Management, IT Controls, Security Frameworks

Since contracts, transactions and disputes relating to information assets can involve parties, actions and evidence in multiple distinct jurisdictions, it may be advantageous for entities to clarify existing rules or presumptions regarding the laws pertinent to IAP.  Additionally, assuming...


May 25, 2013  11:43 PM

Revisiting the Safeguarding of Information Assets – Part XVIII



Posted by: Robert Davis
Information Assets Protection, Information Security, Information Security Governance, Information Security Management, IT Controls, Security Frameworks

Intellectual property laws address something produced by the mind, of which the ownership or right to usage is legally protected. Intellectual property can denote knowledge-based assets as well as capital, including information or data that can result in intellectual capital extending to ideas,...


May 20, 2013  12:56 AM

Revisiting the Safeguarding of Information Assets – Part XVII



Posted by: Robert Davis
Information Assets Protection, Information Security, Information Security Governance, Information Security Management, IT Controls, Security Frameworks

Data privacy laws dictate adherence to trusts and obligations associated with any information connected to an identified or identifiable data subject. Personal data privacy generally refers to information that can be associated with a specific individual, or that has identifying characteristics...


May 17, 2013  1:49 AM

Revisiting the Safeguarding of Information Assets – Part XVI



Posted by: Robert Davis
Information Assets Protection, Information Security, Information Security Governance, Information Security Management, IT Controls, Security Frameworks

Security laws can decree the required degree of protection for property, usually based on governmental interest. Specifically, information security laws may outline control measures to prevent unauthorized access to devices that process sensitive data. Inclusively, directed data control measures...


May 12, 2013  4:48 PM

Revisiting the Safeguarding of Information Assets – Part XV



Posted by: Robert Davis
Information Assets Protection, Information Security, Information Security Governance, Information Security Management, IT Controls, Security Frameworks

Information systems may be of a public or private nature, and contain elements protected by various data security, data privacy, or intellectual property laws. Property classification into public and private categories is based on ownership. If the property is owned by the government or a political...


May 9, 2013  9:41 PM

Revisiting the Safeguarding of Information Assets – Part XIV



Posted by: Robert Davis
Information Assets Protection, Information Security, Information Security Governance, Information Security Management, IT Controls, Security Frameworks

Information systems related due care dictates appropriate data security due diligence activities. Interpretively, an entity’s information systems should represent resources committed to collecting data, processing transactions, and communicating operational results within defined legal limits. An...


May 5, 2013  7:14 PM

Revisiting the Safeguarding of Information Assets – Part XIII



Posted by: Robert Davis
Information Assets Protection, Information Security, Information Security Governance, Information Security Management, IT Controls, Security Frameworks

Prescriptively, utilizing security, privacy and intellectual property clauses in contractual agreements may aid in clarifying expectations as well as reduce adverse outcomes in post-facto legal disputes. Parties to information asset related contracts should consider documenting terms for: •...

