IT Compliance and Controls

Converging Business, Information, and Controls

Entries Tagged as 'iso27001'

How to meet the intent of Regulations in a Virtualized world…

December 3rd, 2008 · No Comments

Today I had an interesting question posted to me… Are we doing the right thing with regards to our virtualization environment and our business mandates?  This sparked several hours of discussion, but a few points arose that I thought worthy of passing along. The first is recognition that a virtualized environment IS in fact different […]

Tags: iso27001 · Risk Awareness · Technology Intelligence

A Primer on IT Compliance Self Assessments based on Risk, from eWeek

September 19th, 2008 · No Comments

A nice article posted at eWeek on Risk-Based IT Compliance Self Assessments is linked below.  It is a great primer to give any business a nice starting place.  A few additions I would add are the following points (note I am using the article's numbering so it is easy to see where my additions […]

Tags: Directional Alignment · iso27001 · Risk Awareness

Fraud Proof Your Company, by Bill Brenner

August 25th, 2008 · No Comments

To my colleagues in the technology, audit, and security field: The Association of Certified Fraud Examiners conference in July this year was a huge success.  For anyone in the business of attesting, securing, or managing the integrity of an organization, this conference is for you.  Bottom line – the conference is a constant learning environment.  […]

Tags: Fraud · iso27001 · Operations Resiliency · Oyster · Technology Strategy Orchestration · Tone at the Top

Misunderstandings on SOX costs and Governance

March 28th, 2008 · No Comments

A recent article raised the point that SOX expense by companies was declining (as it should, with the full adoption of AS5 across all filers and it being in place for over 6 years!), and that, according to analysts, Governance expenses were on the rise and the new focus of enterprises.  Yes and not […]

Tags: iso27001 · Life Cycle Management · Risk Awareness · Technology Strategy Orchestration · Tone at the Top

Weak Principle Controls are Cause of Security Breaches

February 4th, 2008 · No Comments

Remediation and corrective action are part of the lessons learned when a negative event (security breach, fraud, etc…) occurs within an organization.  It is regarded as best practice to learn from one’s own mistakes, and an even better practice to learn from OTHERS’ mistakes.  In either case, understanding what controls may address the situation on […]

Tags: Access and Authorization · Identity Theft · iso27001 · Logical Access · PCI · Physical Access · Risk Awareness · Technology Intelligence