A Case for a Process-based Approach to GRC
S. Ramanathan, CISA, CISSP
The subject of this article is to present a more fundamental approach to GRC and to suggest the most appropriate methodology to make the exercise sustainable.
An Approach Toward Sarbanes-Oxley ITGC Risk Assessment
Arvind Mehta, CISA, C-EH, ISO 27001 LA
The right approach to identify the exact scope and extent of testing for Sarbanes-Oxley ITGC is to perform a detailed risk assessment focused on the risks associated with each general control process area.
FISMA 2010: What It Means for IT Security Professionals
Tarak Modi, CISA, CISSP, PMP
This article looks at how FISMA and its family of key NIST SPs are changing to meet the challenges posed by increasingly elusive hackers who are using better and more sophisticated tools and techniques.
Giving Sustainability to COBIT PO9
Vítor Prisca, CISM, CGEIT, and Manuel Moreira, CISA, IPMA Level C: Certified Project Manager
This article presents an effective methodological approach to implement and sustain the COBIT PO9 "Assess and manage IT risks" process.
Seven Ways SMEs Can Benefit From GRC Solutions
SMEs are not required to demonstrate compliance to outside auditors or to the government. So how does an organization decide whether the benefits of implementing a second-generation GRC solution outweigh the cost?
Five Questions With...
Robert Schperberg, CISM, EnCEP
Schperberg is Chevron’s global IT forensics investigations lead.
Gan Subramaniam, CISA, CISM, CCNA, CCSA, CIA, CISSP, SSCP, ISO 27001 LA
By being clinical and dispassionate, with no personal agenda, auditors serve the best interests of their employers and their profession.
Mitigating IT Risks for Logical Access
Tommie W. Singleton, Ph.D., CISA, CGEIT, CITP, CMA, CPA
To mitigate the risks associated with access control, it is necessary to identify the risks associated with access controls and to assess the level of those risks.
JOnline: Fundamentals of IT Governance Based on ISO/IEC 38500
Haris Hamidovic, CIA
This article provides an introduction to the key elements of IT governance, to key industry frameworks used by organizations, and to guiding principles for directors of organizations on the use of IT based on ISO/IEC 38500:2008.
JOnline: Health Care Reform Legislation Survival Guide, Part 2
Christopher P. Buse, CISA, CISSP, CPA; Larry Marks, CISA, CGEIT, CFE, CISSP, PMP; and Steve Sizemore, CISA, CGAP, CIA
This article discusses the US Department of Health and Human Services Health Breach Notification Rule: Final Rule.