IT Governance, Risk, and Compliance:

Laws and Regulations

1

June 22, 2009  8:41 PM

Application Protection – Part IV



Posted by: Robert Davis
Accounting, Applications, COE, Council of Europe, FCPA, Financial, Foreign Corrupt Practices Act, Information Technology, IT, Laws and Regulations, OAS, OECD, Organisation for Economic Co-operation and Development, Organization of American States, Sarbanes Oxley Act, SOX

The FCPA impacts IT control requirements of U.S. publicly held enterprises. Section 78m (b), in particular, documents the legislative rules and compliance requirements of internal control evaluation reporting with regard to management's assessment of internal controls. Section 78m (b) (2) through...

June 19, 2009  1:09 PM

Application Protection – Part III



Posted by: Robert Davis
Accounting, Applications, COE, Council of Europe, FCPA, Financial, Foreign Corrupt Practices Act, Information Technology, IT, Laws and Regulations, OAS, OECD, Organisation for Economic Co-operation and Development, Organization of American States, Sarbanes Oxley Act, SOX

FCPA control measures for an adequate system of internal accounting controls include maintaining appropriate segregation of duties, allowing only authorized transaction execution, controlling access to assets, and reconciling documented assets to actual assets regularly. Completeness, accuracy,...


June 16, 2009  7:06 PM

Application Protection – Part II



Posted by: Robert Davis
Accounting, Applications, COE, Council of Europe, FCPA, Financial, Foreign Corrupt Practices Act, Information Technology, IT, Laws and Regulations, OAS, OECD, Organisation for Economic Co-operation and Development, Organization of American States, Sarbanes Oxley Act, SOX

The FCPA codifies bribery of foreign officials as a criminal offense for U.S. publicly held companies, requires accurate financial-transactions accounting, and amends the Securities Exchange Act of 1934....


June 12, 2009  6:36 PM

Application Protection – Part I



Posted by: Robert Davis
Accounting, Applications, COE, Council of Europe, FCPA, Financial, Foreign Corrupt Practices Act, Information Technology, IT, Laws and Regulations, OAS, OECD, Organisation for Economic Co-operation and Development, Organization of American States, Sarbanes Oxley Act, SOX

Legacy law or regulation replacement is a common occurrence within most governments when circumstances appear to discredit legal mandate enforcement. However, the U.S. Sarbanes-Oxley Act (SOX) of 2002...


March 16, 2009  7:01 PM

Physical Token Protection – Part IV



Posted by: Robert Davis
Availability, CIA, Confidentiality, Functionality, Identification, Information Security Management, Integrity, ISM, IT Security, Laws and Regulations, Quality, Service Level Agreement, SLA, Token, Usability

Regarding provisioning physical authentication mediums, an entity's deployed access control process should clearly define the way encoded identification is delivered to users -- within the context of promoting adequate confidentiality, integrity and availability. Specifically, the process to...


March 12, 2009  6:41 PM

Physical Token Protection – Part III



Posted by: Robert Davis
Availability, CIA, Confidentiality, Functionality, Identification, Information Security Management, Integrity, ISM, IT Security, Laws and Regulations, Quality, Service Level Agreement, SLA, Token, Usability

As a corollary requirement, when considering physical tokens, functionality is directly related to capabilities. Consequently, physical token appropriateness should be evaluated based on the set of attributes applicable to the existing set of activities and their specific properties. In other...


March 9, 2009  6:56 PM

Physical Token Protection – Part II



Posted by: Robert Davis
Availability, CIA, Confidentiality, Functionality, Identification, Information Security Management, Integrity, ISM, IT Security, Laws and Regulations, Service Level Agreement, SLA, Token, Usability

Information asset usability implies availability to perform requested services as well as transparency. Determining physical token usability necessitates assessing relevant and pertinent services for the access process as well as secure user delivery in a timely, correct, and consistent manner....


March 6, 2009  7:50 PM

Physical Token Protection – Part I



Posted by: Robert Davis
Availability, CIA, Confidentiality, Functionality, Identification, Information Security Management, Integrity, ISM, IT Security, Laws and Regulations, Token, Usability

Organizationally, information security normally is considered a program enabling and optimizing IT security services for the entity in order to satisfy business requirements, while simultaneously providing strategic and tactical IT security infrastructure management that complies with applicable...


1