IT Compliance and Controls

NIST 800-53 Public Draft is out for review and your feedback!  I strongly encourage everyone to review the Controls provide industry guidance to ensure this landmark guidance document remains relevant and sufficient to the threats that exist. “The specific changes in Special Publication 800-53, Revision 3 include: Restructuring of security controls to include specific requirements [...]

[Read more →]

Supporting Links for “BEST and WORST IT Control Environments of 2007 The following are the references made during my ACFE 19th annual Fraud Conference session.  I will provide follow-up and greater detail on areas over the next few months, but please add any resources you find valuable below. Internet Crime Complaint Center (IC3) | Annual [...]

[Read more →]

This article rings true on many areas – the need for executives to develop a technology strategy that is long term, the need for technologists to consider the impacts for their decisions when acquiring new gear, the necessity of the CIO to guide the transformation of the the infrastructure and operations management towards a business [...]

[Read more →]

Lack of alignment between business and technology services is a proven epidemic.  It is attributable to obvious security / fraud instances and causes greater damage to the competitive nature of every business that leverages technology.  An interesting napkin fact – nearly a third of IPOs over the past 12 months were for businesses that are [...]

[Read more →]

Silos throughout an organization are natural as an organization is initially created due to the entrprenuerial situation where any one individual maintains a dozen or so roles.  As the organization grows however the organization must continually redefine and restructure the objectives and responsibilities of the staff.  This is especially important as the competitive landscape has [...]

[Read more →]