IT Compliance and Controls

Converging Business, Information, and Controls

IT Compliance and Controls header image 4

Entries Tagged as 'Physical Access'

ISACA is seeking feedback on COBIT 5.0 Design Draft

March 23rd, 2010 · No Comments

COBIT 5 exposure draft is out for review, so sharpen those pencils, order that Grande with an add shot, and find someplace quiet and dig into this design document (note this is NOT Cobit 5.0 but instead the plan at which will be employed to create it.  It is critical to review and provide feedback […]

[Read more →]

Tags: Change Control · Direcitonal Alignment · Life Cycle Management · Monitoring and Performance Reviews · Physical Access · Risk Awareness · SDLC · Trusted Communications and Network · Trusted Computing Platform Systems

Hardware attacks threaten integrity and confidentiality

March 21st, 2008 · No Comments

There have been recent success in research efforts (mostly academic and theory in origin and a few recently progressing into the more exploitative POC) to identify weaknesses that exist in everything from Firewire connections to the magnetic cards used to access secure facilities.  These proofs of concepts highlight the necessity of a well deployed control […]

[Read more →]

Tags: Access and Authorization · Incident Response Capability · Logical Access · Monitoring and Performance Reviews · PCI · Physical Access

Weak Principle Controls are Cause of Security Breaches

February 4th, 2008 · No Comments

Remediation and corrective action are part of the lessons learned when a negative event (security breach, fraud, etc…) occurs within an organization.  It is regarded as best practice to learn from one’s own mistakes, and an even better practice to learn from OTHER’s mistakes.  In either case understanding what controls may address the situation on […]

[Read more →]

Tags: Access and Authorization · Identity Theft · iso27001 · Logical Access · PCI · Physical Access · Risk Awareness · Technology Intelligence

CIA: Energy Infrastructure Attacked

January 24th, 2008 · No Comments

In my book, IT Compliance and Controls, I highlight the importance of the energy infrastructure, and the risks that these systems face given their newly interconnectedness. To highlight the relevant points from the book – the energy infrastructures of the world support the medical, HVAC, security, and financial systems of our economies. The loss of […]

[Read more →]

Tags: Access and Authorization · Application Controls · Incident Response Capability · Logical Access · Monitoring and Performance Reviews · Physical Access · Sustain Operations · Technology Intelligence · Trusted Computing Platform Systems