IT Compliance and Controls

Converging Business, Information, and Controls


Entries Tagged as 'Monitoring and Performance Reviews'

ISACA is seeking feedback on COBIT 5.0 Design Draft

March 23rd, 2010 · No Comments

The COBIT 5 exposure draft is out for review, so sharpen those pencils, order that Grande with an added shot, find someplace quiet, and dig into this design document (note this is NOT COBIT 5.0 but instead the plan that will be employed to create it). It is critical to review and provide feedback […]


Tags: Change Control · Directional Alignment · Life Cycle Management · Monitoring and Performance Reviews · Physical Access · Risk Awareness · SDLC · Trusted Communications and Network · Trusted Computing Platform Systems

Hackers attack Georgia

August 13th, 2008 · No Comments

In the Wall Street Journal and on several online resources there is documented evidence that an information attack was launched against the country of Georgia and its government systems. This attack coincided with the Russian offensive. The implications of this attack are tremendous and shift the discussion beyond the theory of cyberwarfare to practical lessons. A few […]


Tags: Incident Response Capability · Monitoring and Performance Reviews · Operations Resiliency · Risk Awareness · Security and Assurance · Sustain Operations

Hardware attacks threaten integrity and confidentiality

March 21st, 2008 · No Comments

There have been recent successes in research efforts (mostly academic and theoretical in origin, with a few recently progressing into more exploitative proofs of concept) to identify weaknesses that exist in everything from FireWire connections to the magnetic cards used to access secure facilities. These proofs of concept highlight the necessity of a well-deployed control […]


Tags: Access and Authorization · Incident Response Capability · Logical Access · Monitoring and Performance Reviews · PCI · Physical Access

Globalized Risks to Operations, case in point: Google’s YouTube and Pakistan

February 26th, 2008 · No Comments

On Sunday a foreign government enforced its sovereign right to censor its citizens, and consequently caused a global outage (2 hours) of the most popular video site on the planet, run by the most sophisticated global internet company – Google. The lessons here resonate with the need for organizations to consider all aspects of risk […]


Tags: Incident Response Capability · Monitoring and Performance Reviews · Operations Resiliency · Risk Awareness · Sustain Operations · Trusted Communications and Network

Intellectual Assets: News items on Espionage & Public Dissemination of Data

February 20th, 2008 · 1 Comment

Intellectual property for an organization can vary between trade secrets (i.e. the ‘secret sauce recipe’) and customer-specific data. Every organization must classify information appropriately based on its own usage of the data, governing laws, and best practices. Two recent examples caught my attention as cases where data was compromised, along with the effects. The first […]


Tags: Access and Authorization · Human Resources · Logical Access · Monitoring and Performance Reviews · Risk Awareness

Broken Internet Connections disconnect two continents

February 11th, 2008 · 1 Comment

The criticality of the Internet has grown exponentially. Consumers rely on Internet-based applications (or RIAs) for everything from email, CRM, ERP, and publishing – to this online portal. Businesses have generally transitioned from dedicated frame relay and leased lines to VPN tunnels through the Internet (link to Cisco Whitepaper). The efficiency gained by organizations sourcing […]


Tags: Incident Response Capability · Monitoring and Performance Reviews · Operations Resiliency · Risk Awareness · Sustain Operations · Trusted Communications and Network

Implementing Effective Ethics Programs

January 27th, 2008 · No Comments

The need for organizations to define and communicate effective policies and procedures resonates around the globe, and is strongly supported by governance organizations including the WTO, the World Bank, OCEG, and the OECD, to name but a few. A first, but essential, step to ensuring appropriate controls and operational efficiency is the defining […]


Tags: Monitoring and Performance Reviews · Policy and Procedures · Risk Awareness · Tone at the Top

Sensitive Information includes Internet Addresses, EU Data Privacy Group

January 25th, 2008 · No Comments

Personally Identifiable Information is defined differently by each industry, country, and region. Companies must have information intelligence practices in place that account for these types of information, along with means of classifying and protecting them. Such information in the U.S. varies by jurisdiction, but can include medical records, financial information, and now perhaps in the EU your […]


Tags: Human Resources · Monitoring and Performance Reviews · Policy and Procedures · Risk Awareness · Technology Intelligence

CIA: Energy Infrastructure Attacked

January 24th, 2008 · No Comments

In my book, IT Compliance and Controls, I highlight the importance of the energy infrastructure, and the risks that these systems face given their new interconnectedness. To highlight the relevant points from the book – the energy infrastructures of the world support the medical, HVAC, security, and financial systems of our economies. The loss of […]


Tags: Access and Authorization · Application Controls · Incident Response Capability · Logical Access · Monitoring and Performance Reviews · Physical Access · Sustain Operations · Technology Intelligence · Trusted Computing Platform Systems

Best E-Discovery Tools, Providers, and Trends

January 17th, 2008 · No Comments

The annual 2007 Socha-Gelbmann Electronic Discovery Survey has been released and is a great resource for vetting your current internal approach to managing data, and for providing a quick guide to establishing a relationship based on industry opinion. Interesting facts include market share, expertise in the legal aspects of e-discovery, tools, and more. A prime component […]


Tags: Incident Response Capability · Monitoring and Performance Reviews · Security and Assurance · Technology Intelligence