A Case for a Process-based Approach to GRC
By S. Ramanathan, CISA, CISSP
This article presents a more fundamental, process-based approach to GRC and suggests the methodology best suited to making the exercise sustainable.

An Approach Toward Sarbanes-Oxley ITGC Risk Assessment
By Arvind Mehta, CISA, C-EH, ISO 27001 LA
The right way to determine the exact scope and extent of Sarbanes-Oxley ITGC testing is to perform a detailed risk assessment focused on the risks associated with each general control process area.

FISMA 2010: What It Means for IT Security Professionals
By Tarak Modi, CISA, CISSP, PMP
This article looks at how FISMA and its family of key NIST Special Publications are changing to meet the challenges posed by increasingly elusive attackers who are using better and more sophisticated tools and techniques.

Giving Sustainability to COBIT PO9
By Vítor Prisca, CISM, CGEIT, and Manuel Moreira, CISA, IPMA Level C: Certified Project Manager
This article presents an effective methodological approach to implementing and sustaining the COBIT PO9 "Assess and manage IT risks" process.

Seven Ways SMEs Can Benefit From GRC Solutions
By Dan Wilhelms
SMEs are generally not required to demonstrate compliance to outside auditors or to the government. So how does such an organization decide whether the benefits of implementing a second-generation GRC solution outweigh its cost?

HelpSource Q&A
With Gan Subramaniam, CISA, CISM, CCNA, CCSA, CIA, CISSP, SSCP, ISO 27001 LA
By being clinical and dispassionate, with no personal agenda, auditors serve the best interests of their employers and of their profession.

Mitigating IT Risks for Logical Access
By Tommie W. Singleton, Ph.D., CISA, CGEIT, CITP, CMA, CPA
Mitigating the risks associated with logical access control starts with identifying those risks and assessing their level, so that controls can be matched to the exposure.