IT Compliance and Controls

Converging Business, Information, and Controls


Entries Tagged as 'Risk Awareness'

ISACA is seeking feedback on COBIT 5.0 Design Draft

March 23rd, 2010 · No Comments

The COBIT 5 exposure draft is out for review, so sharpen those pencils, order that Grande with an added shot, find someplace quiet, and dig into this design document (note this is NOT COBIT 5.0 itself but the plan that will be employed to create it). It is critical to review and provide feedback […]


Tags: Change Control · Directional Alignment · Life Cycle Management · Monitoring and Performance Reviews · Physical Access · Risk Awareness · SDLC · Trusted Communications and Network · Trusted Computing Platform Systems

How to meet the intent of Regulations in a Virtualized world…

December 3rd, 2008 · No Comments

Today I had an interesting question posed to me: are we doing the right thing with regard to our virtualization environment and our business mandates? This sparked several hours of discussion, but a few points arose that I thought worthy of passing along. The first is the recognition that a virtualized environment IS in fact different […]


Tags: iso27001 · Risk Awareness · Technology Intelligence

Financial Crisis Fraud: AIG hid problems from Auditors

October 8th, 2008 · No Comments

As one may expect, given massive amounts of defaults, bad lending practices, nonexistent risk management departments, and essentially a complete lack of due diligence, is there any expectation that fraud did not occur? One of many cases coming to light is that of AIG. According to recent findings, AIG hid financial distresses and practices […]


Tags: Fraud · Risk Awareness

A Primer on IT Compliance Self Assessments based on Risk, from eWeek

September 19th, 2008 · No Comments

A nice article posted at eWeek on risk-based IT compliance self assessments is linked below. It is a great primer to give any business a good starting place. A few additions I would make are the following points (note I am using the article's numbering so it is easy to see where my additions […]


Tags: Directional Alignment · iso27001 · Risk Awareness

Hackers attack Georgia

August 13th, 2008 · No Comments

In the Wall Street Journal and on several online resources there is documented evidence that an information attack was launched against the country of Georgia and its government systems. This attack coincided with the Russian offensive. The implications of this attack are tremendous and shift the discussion beyond the theory of cyberwarfare to practical lessons. A few […]


Tags: Incident Response Capability · Monitoring and Performance Reviews · Operations Resiliency · Risk Awareness · Security and Assurance · Sustain Operations

Misunderstandings on SOX costs and Governance

March 28th, 2008 · No Comments

A recent article raised the point that SOX expense by companies was declining (as it should, with the full adoption of AS5 across all filers and the framework having been in place for over 6 years!), and that according to analysts governance expenses were on the rise and the new focus of enterprises. Yes and no […]


Tags: iso27001 · Life Cycle Management · Risk Awareness · Technology Strategy Orchestration · Tone at the Top

Globalized Risks to Operations, case in point: Google’s YouTube and Pakistan

February 26th, 2008 · No Comments

On Sunday a foreign government enforced its sovereign right to censor its citizens, and consequently caused a global outage (2 hours) of the most popular video site on the planet, run by the most sophisticated global internet company – Google. The lessons here resonate with the need for organizations to consider all aspects of risk […]


Tags: Incident Response Capability · Monitoring and Performance Reviews · Operations Resiliency · Risk Awareness · Sustain Operations · Trusted Communications and Network

Article: Blackmail payments for stolen client data

February 21st, 2008 · No Comments

Yesterday I highlighted that organizations must consider the value of information based on the party that possesses it, i.e. if the information were made available to anyone, what could they do with it and how bad would the impact be to your organization? Today's Wall Street Journal had an article entitled "Another Liechtenstein Bank Suffers Theft […]


Tags: Fraud · Human Resources · Identity Theft · Risk Awareness

Intellectual Assets: News items on Espionage & Public Dissemination of Data

February 20th, 2008 · 1 Comment

Intellectual property for an organization can range from trade secrets (i.e. the 'secret sauce recipe') to customer-specific data. Every organization must classify information appropriately based on its own usage of the data, governing laws, and best practices. Two recent examples caught my attention as cases where data was compromised, along with the effects. The first […]


Tags: Access and Authorization · Human Resources · Logical Access · Monitoring and Performance Reviews · Risk Awareness

Broken Internet Connections disconnect two continents

February 11th, 2008 · 1 Comment

The criticality of the Internet has grown exponentially. Consumers rely on Internet-based applications (or RIAs) for everything from email, CRM, ERP, and publishing to this online portal. Businesses have generally transitioned from dedicated frame relay and leased lines to VPN tunnels through the Internet (link to Cisco whitepaper). The efficiency gained by organizations sourcing […]


Tags: Incident Response Capability · Monitoring and Performance Reviews · Operations Resiliency · Risk Awareness · Sustain Operations · Trusted Communications and Network