IT Compliance and Controls

Converging Business, Information, and Controls


Entries Tagged as 'iso27001'

A Primer on IT Compliance Self Assessments based on Risk, from eWeek

September 19th, 2008 · No Comments

A nice article posted at eWeek on Risk Based IT Compliance Self Assessments is linked below.  It is a great primer to give any business a solid starting place.  A few additions I would add are the following points (note I am using the article's numbering so it is easy to see where my additions […]


Tags: Directional Alignment · Risk Awareness · iso27001

Fraud Proof Your Company, by Bill Brenner

August 25th, 2008 · No Comments

To my colleagues in the technology, audit, and security field:
The Association of Certified Fraud Examiners conference in July this year was a huge success.  For anyone in the business of attesting, securing, or managing the integrity of an organization, this conference is for you.  Bottom line - the conference is a constant learning environment.  I […]


Tags: Fraud · Operations Resiliency · Oyster · Technology Strategy Orchestration · Tone at the Top · iso27001

Misunderstandings on SOX costs and Governance

March 28th, 2008 · No Comments

A recent article raised the point that SOX expense by companies was declining (as it should, with the full adoption of AS5 across all filers and SOX being in place for over 6 years!), and that, according to analysts, governance expenses were on the rise and the new focus of enterprises.  Yes and not […]


Tags: Life Cycle Management · Risk Awareness · Technology Strategy Orchestration · Tone at the Top · iso27001

Weak Principle Controls are Cause of Security Breaches

February 4th, 2008 · No Comments

Remediation and corrective action are part of the lessons learned when a negative event (security breach, fraud, etc.) occurs within an organization.  It is regarded as best practice to learn from one's own mistakes, and an even better practice to learn from OTHERS' mistakes.  In either case, understanding what controls may address the situation on […]


Tags: Access and Authorization · Identity Theft · Logical Access · PCI · Physical Access · Risk Awareness · Technology Intelligence · iso27001