Volume 3, 2016

This Week's Online-Exclusive Feature

Implementing Segregation of Duties: A Practical Experience Based on Best Practices
25 May 2016
Stefano Ferroni, CISM, ISO 27001 LA, ITIL Expert

Segregation of duties (SoD) is a central issue for enterprises to ensure compliance with laws and regulations. The importance of SoD arises from the consideration that giving a single individual complete control of a process or an asset can expose an organization to risk. Enforcing SoD is, thus, an important control element to support the achievement of an effective risk management strategy.

This article, which contains conclusions derived from real-world SoD experience, is divided into two parts: applied methodology and implementation issues.

Indicates Online-Exclusive Content

This Week's Featured Author Blog

The Role of CIOs and CISOs
23 May 2016
Devassy Jose Tharakan, CISA, ISO 27001 LA, ITIL, PMP

Businesses of various sizes are extremely worried about information security. On a daily basis, we hear news of banks and financial institutions losing customer records, confidential information and money due to cyberattacks. Cyberattacks have increased exponentially over the last 5 years, and attack methods are becoming more sophisticated each day. On average, enterprises take about 100 days to identify an attack. It takes even more time to investigate, plug the gaps and prevent similar incidents. The goal of my recent Journal article is to help enterprises and security leaders realign the strategy of their information security teams by empowering the chief information officer (CIO) and the chief information security officer (CISO).


What's New for Nonmembers

IS Audit Basics Articles

Auditing IS/IT Risk Management, Part 2

Auditing IS/IT Risk Management, Part 1

Is There Such a Thing as a Bad IS Auditor? Part 2

Is There Such a Thing as a Bad IS Auditor? Part 1

Trust, but Verify

Auditors and Large Software Projects, Part 3

Full Journal Issues

Volume 3, 2015 Governance and Management of Enterprise IT (GEIT)

Volume 2, 2015 Opportunities and Challenges of New Technology

Volume 1, 2015 Analytics and Risk Intelligence

Volume 6, 2014 Cybersecurity

Volume 5, 2014 Mobile Devices

Volume 4, 2014 Governance and Management of Enterprise IT (GEIT)