IT Governance, Risk, and Compliance:

Value Delivery


January 31, 2013  2:33 AM

eBook excerpt: Assuring Information Security – Part XV



Posted by: Robert Davis
Accountability, Acquire and Implement, Adaptive Systems, Asset Management, Assurance Services, Availability Management, COBIT, COBIT Domains, Control Environment, Control Objectives, Control Objectives for Information and related Technology, Deliver and Support, Due Diligence, Fiduciary Responsibility, Framework, Information Assets Protection, Information Security Governance, Information Security Management, ISG, Key Performance Indicators, Monitor and Evaluate, Performance Measurement, Plan and Organize, Risk Management, Strategic Alignment, Value Delivery

Usually, it is easier to purchase an IT solution addressing IAP than to change a culture.  However, even the most secure system will not achieve a significant degree of protection if utilized by “ill-informed, untrained, careless or indifferent personnel.”  A well-structured information...

January 26, 2013  1:02 AM

eBook excerpt: Assuring Information Security – Part XIV



Posted by: Robert Davis
Accountability, Acquire and Implement, Adaptive Systems, Asset Management, Assurance Services, Availability Management, COBIT, COBIT Domains, Control Environment, Control Objectives, Control Objectives for Information and related Technology, Deliver and Support, Due Diligence, Fiduciary Responsibility, Framework, Information Assets Protection, Information Security Governance, Information Security Management, ISG, Key Performance Indicators, Monitor and Evaluate, Performance Measurement, Plan and Organize, Risk Management, Strategic Alignment, Value Delivery

With respect to IAP, the information security function should:

  • establish processes for provisioning user accounts
  • ensure all entity positions are reviewed for sensitivity level
  • document procedures for friendly and unfriendly terminations
  • install...


January 24, 2013  1:54 AM

eBook excerpt: Assuring Information Security – Part XIII



Posted by: Robert Davis
Accountability, Acquire and Implement, Adaptive Systems, Asset Management, Assurance Services, Availability Management, COBIT, COBIT Domains, Control Environment, Control Objectives, Control Objectives for Information and related Technology, Deliver and Support, Due Diligence, Fiduciary Responsibility, Framework, Information Assets Protection, Information Security Governance, Information Security Management, ISG, Key Performance Indicators, Monitor and Evaluate, Performance Measurement, Plan and Organize, Risk Management, Strategic Alignment, Value Delivery

1.3 Entity Employees

“The first line of defense from insider threats is the employees themselves.” – Software Engineering Institute (SEI)
Stakeholders expect managerial personnel to run the entity in accordance...


January 19, 2013  4:35 PM

eBook excerpt: Assuring Information Security – Part XII



Posted by: Robert Davis
Accountability, Acquire and Implement, Adaptive Systems, Asset Management, Assurance Services, Availability Management, COBIT, COBIT Domains, Control Environment, Control Objectives, Control Objectives for Information and related Technology, Deliver and Support, Due Diligence, Fiduciary Responsibility, Framework, Information Assets Protection, Information Security Governance, Information Security Management, ISG, Key Performance Indicators, Monitor and Evaluate, Performance Measurement, Plan and Organize, Risk Management, Strategic Alignment, Value Delivery

If management views an IAP program as a methodology for achieving information systems goals and objectives, the adopted processes can enable a series of assessments defining control usefulness and control deployment; while conjunctively correlating effectiveness and efficiency directly linked to...


January 17, 2013  12:01 AM

eBook excerpt: Assuring Information Security – Part XI



Posted by: Robert Davis
Accountability, Acquire and Implement, Adaptive Systems, Asset Management, Assurance Services, Availability Management, COBIT, COBIT Domains, Control Environment, Control Objectives, Control Objectives for Information and related Technology, Deliver and Support, Due Diligence, Fiduciary Responsibility, Framework, Information Assets Protection, Information Security Governance, Information Security Management, ISG, Key Performance Indicators, Monitor and Evaluate, Performance Measurement, Plan and Organize, Risk Management, Strategic Alignment, Value Delivery

Roles and responsibilities assignment for providing adequate IAP is typically considered critical to effective and efficient IT security.  However, depending on the entity, IAP management roles and responsibilities may focus solely on IT security or IT and business security.  Roles and...


January 12, 2013  5:59 PM

eBook excerpt: Assuring Information Security – Part X



Posted by: Robert Davis
Accountability, Acquire and Implement, Adaptive Systems, Asset Management, Assurance Services, Availability Management, COBIT Domains, Control Environment, Control Objectives, Control Objectives for Information and related Technology, Deliver and Support, Due Diligence, Fiduciary Responsibility, Framework, Information Assets Protection, Information Security Governance, Information Security Management, ISG, Key Performance Indicators, Monitor and Evaluate, Performance Measurement, Plan and Organize, Risk Management, Strategic Alignment, Value Delivery

Classically, managers are individuals assigned to and functioning at various responsibility, accountability, and authority levels.  Top-level managers are usually responsible for overall entity direction, accountable to stakeholders, and have the authority to establish measurable and achievable...


January 10, 2013  3:33 AM

eBook excerpt: Assuring Information Security – Part IX



Posted by: Robert Davis
Accountability, Acquire and Implement, Adaptive Systems, Asset Management, Assurance Services, Availability Management, COBIT, COBIT Domains, Control Environment, Control Objectives, Control Objectives for Information and related Technology, Deliver and Support, Due Diligence, Fiduciary Responsibility, Framework, Information Assets Protection, Information Security Governance, Information Security Management, ISG, Key Performance Indicators, Monitor and Evaluate, Performance Measurement, Plan and Organize, Risk Management, Strategic Alignment, Value Delivery

In fulfilling addressable COBIT information criteria, an IAP program should include processes and steps for assessing tangible as well as intangible property.  The distinction between tangible and intangible is the physical nature of the property.  Properties having a physical existence -- such...


January 5, 2013  4:52 PM

eBook excerpt: Assuring Information Security – Part VIII



Posted by: Robert Davis
Accountability, Acquire and Implement, Adaptive Systems, Asset Management, Assurance Services, Availability Management, COBIT, COBIT Domains, Control Environment, Control Objectives, Control Objectives for Information and related Technology, Deliver and Support, Due Diligence, Fiduciary Responsibility, Framework, Information Assets Protection, Information Security Governance, Information Security Management, ISG, Key Performance Indicators, Monitor and Evaluate, Performance Measurement, Plan and Organize, Risk Management, Strategic Alignment, Value Delivery

1.2 IAP Management

“Applying similar management practices to [i]nformation security management is unavoidable as the security environment keeps on increasing in complexity and insecurity.” – Security...


January 3, 2013  1:35 AM

eBook excerpt: Assuring Information Security – Part VII



Posted by: Robert Davis
Accountability, Acquire and Implement, Adaptive Systems, Asset Management, Assurance Services, Availability Management, COBIT, COBIT Domains, Control Environment, Control Objectives, Control Objectives for Information and related Technology, Deliver and Support, Due Diligence, Fiduciary Responsibility, Framework, Information Assets Protection, Information Security Governance, Information Security Management, ISG, Key Performance Indicators, Monitor and Evaluate, Performance Measurement, Plan and Organize, Risk Management, Strategic Alignment, Value Delivery

Compliance...


December 29, 2012  5:48 AM

eBook excerpt: Assuring Information Security – Part VI



Posted by: Robert Davis
Accountability, Acquire and Implement, Adaptive Systems, Asset Management, Availability Management, COBIT, COBIT Domains, Control Environment, Control Objectives, Control Objectives for Information and related Technology, Deliver and Support, Due Diligence, Fiduciary Responsibility, Framework, Information Assets Protection, Information Security Governance, Information Security Management, ISG, Key Performance Indicators, Monitor and Evaluate, Performance Measurement, Plan and Organize, Risk Management, Strategic Alignment, Value Delivery

Dynamic homeostasis is steady state achievement by a relatively open system.  This condition is the result of receiving input from outside the system that is at least equal to the sum of system output and resource expenditure.  Thus, a for-profit entity must earn profits in the long run to...

