IT Governance, Risk, and Compliance

Sep 10 2009   9:01PM GMT

Supporting ISG Deployment – Part III

Robert Davis Robert Davis Profile: Robert Davis

Alternatively, if you perceive ISG as a descriptive prescription for achieving managerial objectives, the adopted ISG methodology should provide security assessments defining strategic, tactical, and operational risks. Management usually is vigilant regarding the cost of controls and the benefits that can be derived from controls deployment and utilization, while achieving an entity’s strategic direction. Concurrently, auditors are concerned with the impact of information security controls on an entity’s internal control system. To redress cost-benefit, strategic direction as well as control impact issues, ISG effectiveness and efficiency directly related to managerial responsibility, accountability, and authority structure should be demonstrated through appropriate measurement tools. Therefore, at the methodological root, understanding ISG roles are considered crucial to managing secure processes.

View Part I of the Supporting ISG Deployment series here

 Comment on this Post

There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

Share this item with your network: