Entries Tagged as 'iso27001'
How to meet the intent of Regulations in a Virtualized world…
December 3rd, 2008 · No Comments
Today I had an interesting question posed to me… Are we doing the right thing with regard to our virtualization environment and our business mandates? This sparked several hours of discussion, but a few points arose that I thought worthy of passing along.
The first is recognition that a virtualized environment IS in fact different than [...]
Tags: Risk Awareness · Technology Intelligence · iso27001
A Primer on IT Compliance Self Assessments based on Risk, from eWeek
September 19th, 2008 · No Comments
A nice article posted at eWeek on risk-based IT compliance self assessments is linked below. It is a great primer that gives any business a good starting place. A few points I would add are the following (note that I am using the article's numbering so it is easy to see where my additions [...]
Tags: Directional Alignment · Risk Awareness · iso27001
Fraud Proof Your Company, by Bill Brenner
August 25th, 2008 · No Comments
To my colleagues in the technology, audit, and security field:
The Association of Certified Fraud Examiners conference in July this year was a huge success. For anyone in the business of attesting, securing, or managing the integrity of an organization, this conference is for you. Bottom line - the conference is a constant learning environment. I [...]
Tags: Fraud · Operations Resiliency · Oyster · Technology Strategy Orchestration · Tone at the Top · iso27001
Misunderstandings on SOX costs and Governance
March 28th, 2008 · No Comments
A recent article raised the point that SOX expense by companies was declining (as it should, with the full adoption of AS5 across all filers and the law having been in place for over 6 years!), and that, according to analysts, governance expenses were on the rise and the new focus of enterprises. Yes and not [...]
Tags: Life Cycle Management · Risk Awareness · Technology Strategy Orchestration · Tone at the Top · iso27001
Weak Principle Controls are Cause of Security Breaches
February 4th, 2008 · No Comments
Remediation and corrective action are part of the lessons learned when a negative event (security breach, fraud, etc…) occurs within an organization. It is regarded as best practice to learn from one's own mistakes, and an even better practice to learn from OTHERS' mistakes. In either case, understanding what controls may address the situation on [...]
Tags: Access and Authorization · Identity Theft · Logical Access · PCI · Physical Access · Risk Awareness · Technology Intelligence · iso27001
