IT Compliance and Controls

There are many challenges to growing a business, sustaining a business, and definitely changing a business.  The latter, most would agree, is by far the hardest and largest challenge for organizations seeking to adopt controls throughout the business.  Now controls is a generic term being used now to include policies, procedures, technology safeguards, and routine [...]

[Read more →]

This week is Compliance Week and for most that implies vendor pitches and F.U.D., but there has been specific tidbits flow from the conference that indicate otherwise.  If you are not in attendance the consistent flow on Twitter (your window into conversations of interest) and upon blogs should give you a reasonable re-cap.  I strongly [...]

[Read more →]

There are numerous instances where laptops and portable devices are lost / stolen.  The classic CEO whose laptop disappeared at a conference to those thieves who coincidentally opened the one trunk of an auditor’s rental car and gained access to significant sensitive information sprinkle the news wires.
While imagination can speak to what the impacts may [...]

[Read more →]

Recently I contributed to a CIO Magazine and Network World piece on what is the impact to - Security and Privacy - in a downturn.  Specifically, what happens to all that sensitive data that was once locked behind doors and large security systems when the lights go out and the auction gavel hits the block?  [...]

[Read more →]

A new book review has been placed online by MSI.  A nice overview and elaboration of the book content. A nice highlight:
“DeLuccia lays a foundation by examining the importance of internal IT controls…explains why silo IT strategy wastes time and resources, offering a better solution in having an IT enterprise control environment”
Comments and challenges?
James DeLuccia

[Read more →]

Last night I attended the Atlanta MIT Forum discussion focused on Cloud Computing, Grid Computing, and the challenges of organizations operating within this platform and environment.  The discussion was broadcast live over GPB around the world, and no matter how many times I attend live shows - it is always exciting to be ‘in the [...]

[Read more →]

NIST 800-53 Public Draft is out for review and your feedback!  I strongly encourage everyone to review the Controls provide industry guidance to ensure this landmark guidance document remains relevant and sufficient to the threats that exist.
“The specific changes in Special Publication 800-53, Revision 3 include:

Restructuring of security controls to include specific requirements previously stated [...]

[Read more →]

Supporting Links for “BEST and WORST IT Control Environments of 2007
The following are the references made during my ACFE 19th annual Fraud Conference session.  I will provide follow-up and greater detail on areas over the next few months, but please add any resources you find valuable below.

Internet Crime Complaint Center (IC3) | Annual Reports

Internet [...]

[Read more →]

This article rings true on many areas - the need for executives to develop a technology strategy that is long term, the need for technologists to consider the impacts for their decisions when acquiring new gear, the necessity of the CIO to guide the transformation of the the infrastructure and operations management towards a business [...]

[Read more →]

Lack of alignment between business and technology services is a proven epidemic.  It is attributable to obvious security / fraud instances and causes greater damage to the competitive nature of every business that leverages technology.  An interesting napkin fact - nearly a third of IPOs over the past 12 months were for businesses that are [...]

[Read more →]