fela | 22 days ago | 1 comments
|
Research
Posted by ISACA 56 days ago
|
Research
Posted by ISACA 91 days ago
|
Research
Posted by ISACA 168 days ago
|
Research
Posted by ISACA 195 days ago
|
Research
Posted by ISACA 222 days ago
|
Research
Posted by ISACA 222 days ago
|
7 May 2012
ISACA International Event
Orlando, Florida, USA
Get the knowledge you need to stay one step ahead of the competition and keep up with changing professional trends at ISACA’s North America CACS Conference.
|
Volume 2, 2012
by Robbie Sauerberg, Weston Smith and Jonathan Tudor, CCNA
This article first describes the benefits of CRM systems and identifies risk areas inherent in CRM systems that threaten the benefits an organization can receive from a CRM system.
|
Volume 5, 2011
by Larry Marks, CISA, CGEIT, CRISC, CFE, CISSP, PMP Plus
The relevant questions that need to be asked are: How does the Dodd-Frank Act impact IT auditors? How does the Dodd-Frank Act impact global organizations?
|
Volume 2, 2011
by Scott M. Baron, CISA, CRISC, CCDP, CCNP, MCSA, MCSE
Baron is director of digital risk and security governance for National Grid, where his team has global responsibility for IS risk and compliance efforts.
|
Volume 1, 2011
by Gan Subramaniam, CISA, CISM, CCNA, CCSA, CIA, CISSP, ISO 27001 LA, SSCP
Organisations that do not have proper records retention policies, in particular those that process information on behalf of their clients, have landed in trouble.
|
Volume 6, 2010
by Javier Salido, CIPP
This article presents an overview of the Data Governance for Privacy, Confidentiality and Compliance (DGPC) framework developed by Microsoft.
|
Volume 5, 2010
by Christopher P. Buse, CISA, CISSP, CPA, Larry Marks, CISA, CGEIT, CFE, CISSP, PMP and Steve Sizemore, CISA, CGAP, CIA
This article discusses the US Department of Health and Human Services Health Breach Notification Rule: Final Rule.
|
These links, which have been contributed by site users, link to external third-party web sites. ISACA has not evaluated these web sites and accepts no responsibility for their suitability, security or privacy practices.
Article on moving applications into the cloud and staying in compliance with regulations.
|
Institutionalized information security governance defines the information assets safeguarding perimeter inside which an entity should operate. Whereas, legal compliance management ensures structural boundary segments are sturdy and the entity consistently fulfills its mission within externally imposed demarcation lines. Generally, determining an entity's legal mandates exceeds the security function's ambit. Nonetheless, overseeing the design, implementation and monitoring of applicable legal requirements is a security function imperative. Aligning information security governance with legal compliance management allows an entity to enhance cultural ethics while concurrently reducing judicial risks.
|
The migration from manual to IT generated information has resulted in verdicts and judgments where liability, guilt, or innocence are based solely or largely on electronically encoded evidence. Reliance on IT generated information as evidence raises issues and challenges from a management perspective that must be addressed through effective governance and audit.
|
Control systems can be categorized as being either decision systems or technical systems. Nonetheless, decision-making process assistance may be contained in an IT decision support system (DSS)...
|
This website has plenty of good articles, white papers, news, regulations, and webinars. Even if you are not in the banking sector, this is a good website to visit to keep abreast of the latest security threats in the financial services arena.
|
Having been associated with the BS 7799 from its introduction as a Security Standard, and as a Contributor to the ISO 27001, and the last and final Chair of the ISO 27001 at the Department of Trade and Industry (DTI) I have been a long term supporter, and...
Posted By : John379 | 0 comments
|
Gone are the days of checklist auditing (tick and bash audit). To add value to business, auditors need to go beyond checklisting.
Be it an application control review (ACR), IT General Controls Review (ITGCR), a project review or an integrated audit, i...
|
During my audits, training & teaching sessions one of the frequent queries I came across is 'Sir, How do I become an IT Auditor? What are the qualification criteria?'
The best answer for this is to quote from the famous book, Information Systems Control and ...
Posted By : KvR | 0 comments
|
In 2011 we observed security breaches impacting large name brands, which, to say the least were astonishing. This, along with a conjoined rise in cyber-attacks, and e-Crime, not to mention attention from Hacktivists all took their toll. However, at the sa...
Posted By : John379 | 0 comments
|
So two things happened today. While talking about the need to get the business folks excited about IT Risk Management I used a simple analogy trying to relate to the usual perception, perhaps justifiably so, the business folks have, and that is, IT securi...
Posted By : Umesh391 | 0 comments
|
The company you are auditing should have a policy on how their Oracle databases are configured. Much of this configuration will be reflected in the initialization parameters. The initialization parameters can be seen using the view v$parameter. A descr...
Posted By : Ian Cooke | 0 comments