IT Compliance and Controls

Converging Business, Information, and Controls


Entries from March 2008

Misunderstandings on SOX costs and Governance

March 28th, 2008 · No Comments

A recent article raised the point that SOX expense by companies was declining (as it should, with the full adoption of AS5 across all filers and it being in place for over 6 years!), and that, according to analysts, Governance expenses were on the rise and the new focus of enterprises. Yes and not […]


Tags: iso27001 · Life Cycle Management · Risk Awareness · Technology Strategy Orchestration · Tone at the Top

Hardware attacks threaten integrity and confidentiality

March 21st, 2008 · No Comments

There has been recent success in research efforts (mostly academic and theoretical in origin, with a few recently progressing into more exploitative POCs) to identify weaknesses that exist in everything from Firewire connections to the magnetic cards used to access secure facilities. These proofs of concept highlight the necessity of a well deployed control […]


Tags: Access and Authorization · Incident Response Capability · Logical Access · Monitoring and Performance Reviews · PCI · Physical Access