GLOBAL STANDARD FOR INFORMATION MANAGEMENT
|
|
- Henry Casey
- 8 years ago
- Views:
Transcription
1 GLOBAL STANDARD FOR INFORMATION MANAGEMENT Manohar Ganshani Businesses have today expanded beyond local geographies. Global presence demands uniformity within the processes across disparate locations of the organisation s business in order to provide consistent response to business needs. The information technology remains the central element of information management due to the fact that most of the information resides in and is processed by IT. To bring about uniformity within the processes, organisations need to adopt a standard that meets the business objectives. This leads to the question, which standard to choose and adopt? The challenge is further compounded not only by the standard but by the fact that the organisations have to comply with multiple regulations and legal requirements while transacting the business across boundaries. So the question turns into a puzzle: Do we need a global standard for information management? This article attempts to solve the puzzle and offers an approach based on how the complex organisations treat this puzzle, though it need not be the only suggested approach or alternative.
2 Best practices, standards, and framework For the sake of clarity and to avoid a situation where these terms are used interchangeably here is a simple definition of these terms. Best practices Result/output oriented cost-beneficial informally accepted methods followed by homogeneous industries across the world. Organisations generally tweak them depending upon individual requirements. For example, unified customer experience offered by some of the global banks, quality initiatives (Six Sigma, CMMI etc), balanced scorecard for performance measurements and so on. Standards Framework Mainly address WHAT part of best practices. Provide uniformity for processes to be followed and offer opportunity of certification. In case of certification, compliance is mandatory. For example, various standards by International Standards Organisation (ISO), British Standards Institute (BSI), American National Standards Institute (ANSI), Australia-New Zealand Standards (ANZ) and so on. Addresses HOW part of implementation of standards/best practices. Provides a set of key ingredients and processes to build maturity models. For example - Committee of Sponsoring Organisations (COSO), Control Objectives for Information and related Technology (COBIT) and Risk IT (IT risk maturity assessment) by IT Governance Institute, ITIL (Information Technology Infrastructure Library) and so on. Various facets of compliance Legal Regulatory Laws enacted by sovereign governments applicable to organisations registered/operating in government s territory. Sarbanes-Oxley, Gramm-Leach-Bliley Act (GLBA), IT Act (Amendment) 2008, North American Electric Reliability Corporation (NERC), Health Insurance Portability and Accountability Act (HIPPA), privacy acts, data protection acts. Requirements specified by authorised agencies for specific industries. BASEL II (through central banks), Securities and Exchange Commission (SEC), Securities and Exchange Board of India (SEBI), Payment Card Industry Data Security Standard (PCI DSS) etc.
3 External Internal Industry mandates eg SAS 70. Business strategy and company policies. Legal and regulatory compliances are necessary to protect stakeholders interests. Essence of information management It is important to understand the essence of information management before deliberating on the need for a global standard. COBIT defines information management as IT resources and processes that provide information to the business processes to achieve business objectives. Although information management does not necessarily cover only IT resources and processes, dependency of organisations on IT for information management makes it relevant. Thus reliable information needs to be made available without compromising the security, through an optimum (efficient) use of resources whenever needed and should be relevant (effective) to the business, for management to take decisions. The mechanism of provisioning the information in an effective and efficient manner deals with the governance aspect of it. So essentially, information management is like a coin that has two sides ie information governance and information security. Since most of the information is held in IT systems, IT governance would meet the objective of information governance to a large extent. This may be debatable however the idea is that the approach applied for information within IT system can be extended for manual processes within the information management. The solution The solution to the puzzle lies in understanding the essence of information management. We now need to deal with two aspects, ie IT governance and information security. Most of the mature organisations have adopted one standard and then looked at the incremental requirements of various other compliances, for dealing with these two aspects. Having a close look at the umbrella of available standard set COSO, for example, provides a framework at a high level to deal with internal controls while COBIT provides guidelines to implement controls for interface between business management and IT related activities (and is lower level to deal with maturity assessment). ITIL4 (for IT Service management) and ISO (for information security) are further granular, reaching to operational level. It is ideal to have a common requirement of standards to build information management that demands compliance with more than one standard to meet the business needs. The fact is that smart and complex organisations leverage the existing
4 standard and framework and benefit from the intersection of these framework and standards in conjunction with best practices. Challenges 1. Identification Identifying the base standard/framework is key to the success of information management since this is going to be the foundation. One approach is to create a business case where the business impact would help determine the base standard. The business impact would consider various parameters like fulfillment of security and privacy requirements, alignment with the business objectives, skill and resource requirements, regulatory and legal compliance requirements etc. 2. Interpretation and scope coverage The interpretation should provide the required coverage of scope in terms of scalability and expansion to other boundaries. 3. Implementation and sustenance While satisfying the two fold requirements of information management, it is ideal to have the processes of the standard/framework chosen automated to maintain the consistency and transparency in the subsequent reporting process. Not only that, automation also results into an easier change management process. The key challenge here is the selection of an IT GRC tool. Look for an IT GRC tool that provides benefit in terms of customisation and scalability without calling for extraordinary skills. Sustenance is more imperative from assurance perspective and not merely from the certification perspective. To conclude, it is imperative to use a unified compliance framework and to adopt a risk based approach while choosing and adopting a standard, framework and compliance (regulatory, legal or industry mandates) requirements. Risk based approach would help to determine the impacting regulation and standard to be used from the umbrella of existing standards, framework, best practices etc. Unified compliance framework will help build the common requirements and then evolve a process to deal with the delta change due to the new regulations as the business crosses the existing boundaries. It serves the purpose of governance, security and therefore meets the essence of information management that aligns with the business objectives. In a nutshell, there is no need for yet another global standard.
5 References 1. COBIT - The Control Objectives for Information and related Technology (COBIT) is a set of best practices (framework) for information technology management created by the Information Systems Audit and Control Association (ISACA), and the IT Governance Institute (ITGI). 2. COSO - The Committee of Sponsoring Organisations (COSO) is a voluntary private-sector organisation. COSO framework provides guidance on organisational governance, internal control, fraud, enterprise risk management and financial reporting. 3. ISO27001: An ISO/IEC family standard for Information Security Management Systems. However there are revisions to ISO27001 for meeting other different requirements like ISO27004 which is the designated number for a new standard covering information security system management measurement and metrics. 4. ITIL - IT Infrastructure Library originally created by the UK government is the framework for building and implementing IT service management in an organisation. About the author: Manohar Ganshani is practice partner for governance risk and compliance practice at Wipro Consulting Services. The article has inputs and review comments also from Sunil Bakshi who is a senior manager in the same team.
AN OVERVIEW OF INFORMATION SECURITY STANDARDS
AN OVERVIEW OF INFORMATION SECURITY STANDARDS February 2008 The Government of the Hong Kong Special Administrative Region The contents of this document remain the property of, and may not be reproduced
More informationMaking Compliance Work for You
white paper Making Compliance Work for You with application lifecycle management Rocket bluezone.rocketsoftware.com Making Compliance Work for You with Application Lifecycle Management A White Paper by
More informationEnhancing IT Governance, Risk and Compliance Management (IT GRC)
Enhancing IT Governance, Risk and Compliance Management (IT GRC) Enabling Reliable eservices Tawfiq F. Alrushaid Saudi Aramco Agenda GRC Overview IT GRC Introduction IT Governance IT Risk Management IT
More informationKey Speculations & Problems faced by Cloud service user s in Today s time. Wipro Recommendation: GRC Framework for Cloud Computing
Contents Introduction Why GRC Assessment Benefits of Cloud computing and Problem Statement Key Speculations & Problems faced by Cloud service user s in Today s time Threats, Vulnerabilities and related
More information14 October 2015 ISACA Curaçao Conference By: Paul Helmich
Governance, Risk & Compliance A practical approach 14 October 2015 ISACA Curaçao Conference By: Paul Helmich Topics today What is GRC? How much of all the GRC literature, tools, etc. do I need to study
More informationENTERPRISE RISK MANAGEMENT FOR BANKS
ENTERPRISE RISK MANAGEMENT FOR BANKS Seshagiri Rao Vaidyula, Senior Manager, Governance, Risk and Compliance Jayaprakash Kavala, Consultant, Banking and Financial Services 1 www.wipro.com/industryresearch
More informationMapping COBIT 5 with IT Governance, Risk and Compliance at Ecopetrol S.A. By Alberto León Lozano, CISA, CGEIT, CIA, CRMA
Volume 3, July 2014 Come join the discussion! Alberto León Lozano will respond to questions in the discussion area of the COBIT 5 Use It Effectively topic beginning 21 July 2014. Mapping COBIT 5 with IT
More informationTrends in Information Technology (IT) Auditing
Trends in Information Technology (IT) Auditing Padma Kumar Audit Officer May 21, 2015 Discussion Topics Common and Emerging IT Risks Trends in IT Auditing IT Audit Frameworks & Standards IT Audit Plan
More informationPrincipled Performance & GRC
part of GRC Fundamentals Principled Performance & GRC How principled performance is the new normal and the imperative for integrating governance, performance, risk, internal control and compliance management
More informationSelf-Service SOX Auditing With S3 Control
Self-Service SOX Auditing With S3 Control The Sarbanes-Oxley Act (SOX), passed by the US Congress in 2002, represents a fundamental shift in corporate governance norms. As corporations come to terms with
More informationWhat Should IS Majors Know About Regulatory Compliance?
What Should IS Majors Know About Regulatory Compliance? Working Paper Series 08-12 August 2008 Craig A. VanLengen Professor of Computer Information Systems/Accounting Northern Arizona University The W.
More informationIT Compliance 24.09.2007. After Hours Seminar September 2007 Zurich. Improving IT Risk & Compliance Management (RCM)
IT Compliance 24.09. AHS After Hours Seminar Zurich Improving IT Risk & Compliance Management (RCM) Bruno J. Wiederkehr Member of the Board ISACA Switzerland Chapter Agenda 1. Understanding the RCM Requirements
More informationHow To Improve Your Business
IT Risk Management Life Cycle and enabling it with GRC Technology 21 March 2013 Overview IT Risk management lifecycle What does technology enablement mean? Industry perspective Business drivers Trends
More informationGobierno de TI Enfrentando al Reto. IT Governance Facing the Challenge. Everett C. Johnson, CPA International President ISACA and ITGI
Gobierno de TI Enfrentando al Reto IT Facing the Challenge Everett C. Johnson, CPA International President ISACA and ITGI 1 Add titles Agenda Agenda IT governance keys IT governance focus areas: theory
More informationExecutive's Guide to
Executive's Guide to IT Governance Improving Systems Processes with Service Management, COBIT, and ITIL ROBERT R. MOELLER WILEY John Wiley & Sons, Inc. Contents Preface xiii PART I: IT GOVERNANCE CONCEPTS
More informationCOBIT 4.1 TABLE OF CONTENTS
COBIT 4.1 TABLE OF CONTENTS Executive Overview....................................................................... 5 COBIT Framework.........................................................................
More informationCOBIT Helps Organizations Meet Performance and Compliance Requirements
DISCUSS THIS ARTICLE COBIT Helps Organizations Meet Performance and Compliance Requirements By Sreechith Radhakrishnan, COBIT Certified Assessor, ISO/IEC 20000 LA, ISO/IEC 27001 LA, ISO22301 LA, ITIL Expert,
More informationBenchmark of controls over IT activities. 2011 Report. ABC Ltd
www.pwc.com/cy Benchmark of controls over IT activities 2011 Report ABC Ltd... 2012 Scope and approach We wish to provide you with our IT Benchmarking report over IT activities at ABC Ltd (the Company)
More informationHow to Lead the People in a Program Based Environment
SESSION ID: GRC-W01 Balancing Compliance and Operational Security Demands Steve Winterfeld Bank Information Security Officer CISSP, PCIP What is more important? Compliance with laws / regulations Following
More informationBADM 590 IT Governance, Information Trust, and Risk Management
BADM 590 IT Governance, Information Trust, and Risk Management Information Technology Infrastructure Library (ITIL) Spring 2007 By Po-Kun (Dennis), Tseng Abstract: This report is focusing on ITIL framework,
More informationITIL AND COBIT EXPLAINED
ITIL AND COBIT EXPLAINED 1 AGENDA Overview of Frameworks Similarities and Differences Details on COBIT Framework (based on version 4.1) Details on ITIL Framework, focused mainly on version.2. Comparison
More informationCOBIT 5 and the Process Capability Model. Improvements Provided for IT Governance Process
Proceedings of FIKUSZ 13 Symposium for Young Researchers, 2013, 67-76 pp The Author(s). Conference Proceedings compilation Obuda University Keleti Faculty of Business and Management 2013. Published by
More informationIT Governance Dr. Michael Shaw Term Project
IT Governance Dr. Michael Shaw Term Project IT Auditing Framework and Issues Dealing with Regulatory and Compliance Issues Submitted by: Gajin Tsai gtsai2@uiuc.edu May 3 rd, 2007 1 Table of Contents: Abstract...3
More informationSecurity Survey 2009: Privileged User Management It s Time to Take Control Frequently Asked Questions and Background
Security Survey 2009: Privileged User Management It s Time to Take Control Frequently Asked Questions and Background What is a privileged user? A privileged user is an individual who, by virtue of function,
More informationEnabling Compliance Requirements using ISMS Framework (ISO27001)
Enabling Compliance Requirements using ISMS Framework (ISO27001) Shankar Subramaniyan Manager (GRC) Wipro Consulting Services Shankar.subramaniyan@wipro.com 10/21/09 1 Key Objectives Overview on ISO27001
More informationCompliance and Governance
Compliance and Governance Compliance and Governance Governance is concerned with accountability and responsibility in terms of the standards that are used to direct and control an IS department. The wave
More informationSecurity & IT Governance: Strategies to Building a Sustainable Model for Your Organization
Security & IT Governance: Strategies to Building a Sustainable Model for Your Organization Outside View of Increased Regulatory Requirements Regulatory compliance is often seen as sand in the gears requirements
More informationEnabling Information PREVIEW VERSION
Enabling Information These following pages provide a preview of the information contained in COBIT 5: Enabling Information. The main benefit of this publication is that it provides COBIT 5 users with a
More informationGeoff Harmer PhD, CEng, FBCS, CITP, CGEIT Maat Consulting Reading, UK www.maatconsulting.com
COBIT 5 All together now! Geoff Harmer PhD, CEng, FBCS, CITP, CGEIT Maat Consulting Reading, UK www.maatconsulting.com 1 Copyright Notice COBIT is 1996, 1998, 2000, 2005 2012 ISACA and IT Governance Institute.
More informationPresentation on COBIT Education
http://www.itpreneurs.com Presentation on COBIT Education Mastering COBIT with effective learning solutions Arjan Woertman ITpreneurs This COBIT product suite includes COBIT 4.0, which is used by permission
More informationSITA Service Management Strategy Implementation. Presented by: SITA Service Management Centre
SITA Service Management Strategy Implementation Presented by: SITA Service Management Centre Contents What is a Service? What is Service Management? SITA Service Management Strategy Methodology Service
More informationIT Governance, Risk and Compliance (GRC) : A Strategic Priority. Joerg Asma
IT Governance, Risk and Compliance (GRC) : A Strategic Priority Joerg Asma Agenda Introductions An Overview of IT Governance Risk & Compliance (IT-GRC) The Value Proposition Implementing an IT-GRC Program
More informationAchieving Business Imperatives through IT Governance and Risk
IBM Global Technology Services Achieving Business Imperatives through IT Governance and Risk Peter Stremus Internet Security Systems, an IBM Company Introduction : Compliance Value Over the past 15 years
More informationThe Copenhagen Compliance Governance Framework is based on the Nordic Governance Model
GRC Frameworks Series The Copenhagen Compliance Governance Framework is based on the Nordic Governance Model Nordic companies have transformed regulatory authority and mechanisms of the welfare state to
More informationThis article will provide background on the Sarbanes-Oxley Act of 2002, prior to discussing the implications for business continuity practitioners.
Auditing the Business Continuity Process Dr. Eric Schmidt, Principal, Transitional Data Services, Inc. Business continuity audits are rapidly becoming one of the most urgent issues throughout the international
More informationHow To Achieve Pca Compliance With Redhat Enterprise Linux
Achieving PCI Compliance with Red Hat Enterprise Linux June 2009 CONTENTS EXECUTIVE SUMMARY...2 OVERVIEW OF PCI...3 1.1. What is PCI DSS?... 3 1.2. Who is impacted by PCI?... 3 1.3. Requirements for achieving
More informationIt s All About Process
It s All About Process A White Paper By Gary Guttridge Principal Change Manage IT Ltd. It s All About Process Page 1 of 10 1. INTRODUCTION As long ago as 1931, the distinguished American economist, William
More informationHarmonizing Your Compliance and Security Objectives. Bonnie A. Goins Adjunct Professor, Illinois Institute of Technology
Harmonizing Your Compliance and Security Objectives Bonnie A. Goins Adjunct Professor, Illinois Institute of Technology Make sure efforts serve multiple purposes Use standards to guide effort Repeatable
More informationINFORMATION TECHNOLOGY FLASH REPORT
INFORMATION TECHNOLOGY FLASH REPORT ISACA Releases COBIT 5: Updated Framework for the Governance and Management of IT May 18, 2012 In April, ISACA released COBIT 5 as a replacement for its current globally
More informationTWO-THIRDS OF ORGANISATIONS HAVE ENGAGED WITH ITIL Is your Company an IT Service Management Laggard?
For further information: Hilary King Dimension Data Tel: +27 11 575 6728 Cell: +27 82 414 9623 Fax: +27 11 576 6728 hilary.king@za.didata.com EMBARGOED: NOT FOR PUBLICATION UNTIL 22h00 CAT ON 28 FEBRUARY
More informationCOBIT 5 For Cyber Security Governance and Management. Nasser El-Hout Managing Director Service Management Centre of Excellence (SMCE)
COBIT 5 For Cyber Security Governance and Management Nasser El-Hout Managing Director Service Management Centre of Excellence (SMCE) Cybersecurity Governance using COBIT5 Cyber Defence Summit Riyadh, KSA
More informationCA HalvesThe Cost Of Testing IT Controls For Sarbanes-Oxley Compliance With Unified Processes.
TECHNOLOGY BRIEF: REDUCING COST AND COMPLEXITY WITH GLOBAL GOVERNANCE CONTROLS CA HalvesThe Cost Of Testing IT Controls For Sarbanes-Oxley Compliance With Unified Processes. Table of Contents Executive
More informationIntroduction Auditing Internal Controls in an IT Environment SOx and the COSO Internal Controls Framework Roles and Responsibilities of IT Auditors
Introduction Auditing Internal Controls in an IT Environment SOx and the COSO Internal Controls Framework Roles and Responsibilities of IT Auditors Importance of Effective Internal Controls and COSO COSO
More informationFeature. A Higher Level of Governance Monitoring IT Internal Controls. Controls tend to degrade over time and between audits.
Feature A Higher Level of Governance Monitoring IT Internal Controls Mike Garber, CGEIT, CIA, CITP, CPA, has many years experience as both director for IT governance and as IT audit director for Motorola
More information26 February 2007. Ms. Nancy M. Morris, Secretary Securities and Exchange Commission 100 F Street NE Washington, DC 20549-1090
3701 Algonquin Road, Suite 1010 Telephone: 847.253.1545 Rolling Meadows, Illinois 60008, USA Facsimile: 847.253.1443 Web Sites: www.isaca.org and www.itgi.org 26 February 2007 Ms. Nancy M. Morris, Secretary
More informationIT Risk Management Life Cycle and enabling it with GRC Technology
IT Risk Management Life Cycle and enabling it with GRC Technology Debbie Lew (debbie.lew@ey.com), Senior Manager, E&Y Steven Jones (steven.jones@ey.com), Senior Manager, E&Y Overview 1. What is risk management?
More informationStrong IT Governance: Ethical Arguments & GRC Convergence Strategies. A Crash Course in IT Governance & Compliance
Strong IT Governance: Ethical Arguments & GRC Convergence Strategies Chrisan Herrod, CISA VP, Business Development, Executive Editor, The Compliance Authority Aaron Parks, CISA, CISM, CCEP Assoc. Director,
More informationCase Study: ICICI BANK INTERNAL AUDIT DEPARTMENT PENTANA AUDIT WORK SYSTEM IMPLEMENTATION
Introduction Emerging trends in the banking sector due to globalisation, liberalisation, increasing environment complexity, regulatory requirements & accountability is driving banks in India to adopt &
More informationThe Role of Governance, Risk and Compliance in a Firm
Technology Investment: Achieving Balance Between Business Requirements and Regulatory Compliance Over the past decade, IT organizations have endured a historic pendulum swing, from reckless IT development
More informationITIL and ISO/IEC 27001 How ITIL can be used to support the delivery of compliant practices for Information Security Management Systems
ITIL and ISO/IEC 27001 How ITIL can be used to support the delivery of compliant practices for Information Security Management Systems Mark Sykes Principal Consultant Fox IT Ltd and Nigel Landman Managing
More informationIntegrated Information Management Systems
Integrated Information Management Systems Ludk Novák ludek.novak@anect.com ANECT a.s. Brno, Czech Republic Abstract The article tries to find consensus in these tree different types of the systems the
More informationCriticism of Implementation of ITSM & ISO20000 in IT Banking Industry. Presented by: Agus Sutiawan, MIT, CISA, CISM, ITIL, BSMR3
Criticism of Implementation of ITSM & ISO20000 in IT Banking Industry Presented by: Agus Sutiawan, MIT, CISA, CISM, ITIL, BSMR3 Outline What is IT Service Management What is ISO 20000 Step by step implementation
More informationComply, Improve, Transform: Regulatory Compliance Management for Software Development. Jim Duggan
Comply, Improve, Transform: Regulatory Compliance Management for Software Development Jim Duggan You Can Offset the Costs of Compliance! Complexity Drives Cost UP Sarbanes-Oxley HIPAA EPA Basel II M&A
More informationAgile Governance. Appropriate oversight for the Agile organisation. Chris Davies AXA Personal Lines Insurance. Andrew Craddock Partner - nlighten
Appropriate oversight for the Agile organisation Andrew Craddock Partner - nlighten Chris Davies AXA Personal Lines Insurance Governance Corporate Governance the set of processes, customs, policies, laws,
More informationIT Governance. Infocom India Presentation. Pathfinder Technology Solutions. December 6, 2006
IT Governance Infocom India Presentation December 6, 2006 Pathfinder Technology Solutions Agenda Why have IT Governance? What is IT Governance? Various elements of IT Governance Frameworks for IT Governance
More informationPROTEUS Enterprise - IT Governance, Risk and Compliance Management Solution
PROTEUS Enterprise - IT Governance, Risk and Compliance Management Solution 1. The Challenge Large enterprises are experiencing an ever increasing burden of regulation and legislation against which they
More informationASSESSMENT OF THE IT GOVERNANCE PERCEPTION WITHIN THE ROMANIAN BUSINESS ENVIRONMENT
Accounting and Management Information Systems Vol. 11, No. 1, pp. 44 55, 2012 ASSESSMENT OF THE IT GOVERNANCE PERCEPTION WITHIN THE ROMANIAN BUSINESS ENVIRONMENT Pavel NĂSTASE 1 and Simona Felicia UNCHIAŞU
More informationBased on 2008 Survey of 255 Non-IT CEOs/Executives
Based on 2008 Survey of 255 Non-IT CEOs/Executives > 50% Ranked ITG as very important > 75% of businesses consider ITG to be an integral part of enterprise governance, but the overall maturity level is
More informationIT GOVERNANCE PANEL BRING VALUE BY AUDITING IT GOVERNANCE GET THE
1 IT GOVERNANCE PANEL BRING VALUE BY AUDITING IT GOVERNANCE GET THE ANSWERS AND PRACTICAL TIPS FROM THE IT GOVERNANCE AUDIT PROFESSIONALS JOHAN LIDROS, PRESIDENT EMINERE GROUP KATE MULLIN, CISO, HEALTH
More informationGovernance For Compliance The Convergence of Central and Distributed IT Compliance Presented to VASCAN Conference 2009
Governance For Compliance The Convergence of Central and Distributed IT Compliance Presented to VASCAN Conference 2009 JASON C. RICHARDS CHIEF INFORMATION SECURITY OFFICER VIRGINIA COMMUNITY COLLEGE SYSTEM
More informationCertified Software Quality Assurance Professional VS-1085
Certified Software Quality Assurance Professional VS-1085 Certified Software Quality Assurance Professional Certified Software Quality Assurance Professional Certification Code VS-1085 Vskills certification
More informationCHArTECH BOOkS MANAgEMENT SErIES INTrODuCINg ITSM AND ITIL A guide TO IT SErvICE MANAgEMENT www.icaew.com/itfac
Chartech Books Management Series Introducing ITSM and ITIL A Guide to IT Service Management www.icaew.com/itfac Introducing ITSM and ITIL A Guide to IT Service Management by Colin Rudd This report is published
More informationSarbanes-Oxley Compliance and Identity and Access Management
A Bull Evidian White Paper Summary of Contents Introduction Sarbanes-Oxley Reference Framework IAM and Internal Controls over Financial Reporting Features Improve Efficiency with IAM Deploying IAM to Enforce
More informationWhite Paper. Ensuring Network Compliance with NetMRI. An Opportunity to Optimize the Network. Netcordia
White Paper Ensuring Network Compliance with NetMRI An Opportunity to Optimize the Network Netcordia Copyright Copyright 2006 Netcordia, Inc. All Rights Reserved. Restricted Rights Legend This document
More informationCloud Governance is more than Security. Cloud Law or Legal Cloud?
more than Security Cloud Law or Legal Cloud? more than Security Governance principles more than Security Governance principles 1. Context definition Which organisation/ structure? Which roles and responsibilities?
More informationThe changing lens of information security kpmg.com
IT ADVISORY SERVICES The changing lens of information security kpmg.com 2 Section or Brochure name The changing lens of information security Enabling business via information protection programs Contents
More informationIT governance in Brazil:
Article IT governance in Brazil: does it matter? Authors Prof. Dr. Guilherme Lerch Lunardi, Universidade Federal do Rio Grande (FURG), Brazil. IT governance in Brazil Prof. Dr. Joâo Luiz Becker, Universidade
More informationHow To Ensure Financial Compliance
Evolving from Financial Compliance to Next Generation GRC Gary Prince Principal Solution Specialist - GRC Agenda Business Challenges Oracle s Leadership in Governance, Risk and Compliance Solution Overview
More informationDomenico Raguseo. IT Governance e Business Technology (approfondimenti su ITIL)
IT Governance e Business Technology (approfondimenti su ITIL) Domenico Raguseo Italy Client Technical Professional Manager SW Europe Service Management Solution Architect Leader http://www.linkedin.com/in/dragus
More informationMaintaining PCI-DSS compliance. Daniele Bertolotti daniele_bertolotti@symantec.com Antonio Ricci antonio_ricci@symantec.com
Maintaining PCI-DSS compliance Daniele Bertolotti daniele_bertolotti@symantec.com Antonio Ricci antonio_ricci@symantec.com Sessione di Studio Milano, 21 Febbraio 2013 Agenda 1 Maintaining PCI-DSS compliance
More informationUsing COSO Small Business Guidance for Assessing Internal Financial Controls
Using COSO Small Business Guidance for Assessing Internal Financial Controls By János Ivanyos, Memolux Ltd. (H), IIA Hungary Introduction New generation of general models referring to either IT or Internal
More informationThe Future of Best Practices in IT Service Management - ITIL Version 3 Explained
The Future of Best Practices in IT Service Management - ITIL Version 3 Explained Reg Harbeck CA Monday, August 13, 2007 Session 1455 ITIL V3: The Processes Governance Processes: Service Measurement Service
More informationITIL's IT Service Lifecycle - The Five New Silos of IT
The workable, practical guide to Do IT Yourself Vol. 4.01 January 1, 2008 ITIL's IT Service Lifecycle - The Five New Silos of IT By Rick Lemieux In my last article I spoke about IT s evolution from its
More informationIT Governance Implementation Workshop
IT Governance Implementation Workshop 3 Full day power packed workshop facilitated by Mr. Gary Allan Banister and Mr. Sreechith Radhakrishnan About the Programme Information is created, used, retained,
More informationOpen Certification Framework. Vision Statement
Open Certification Framework Vision Statement Jim Reavis and Daniele Catteddu August 2012 BACKGROUND The Cloud Security Alliance has identified gaps within the IT ecosystem that are inhibiting market adoption
More informationSymantec Control Compliance Suite Content Third-party License Agreements Readme. Version 10.0
Symantec Control Compliance Suite Content Third-party License Agreements Readme Version 10.0 Symantec Control Compliance Suite Content Third-party License Agreements Readme Legal Notice Copyright 2010
More informationQRadar SIEM 6.3 Datasheet
QRadar SIEM 6.3 Datasheet Overview Q1 Labs flagship solution QRadar SIEM is unrivaled in its ability to provide an organization centralized IT security command and control. The unique capabilities of QRadar
More informationWhite Paper. Continuous Process Improvement (CPI) Integrating Systems. Paper 2 of 2. Six Sigma Black Belt
White Paper Continuous Process Improvement (CPI) Integrating Systems Paper 2 of 2 Authored by: Sam Conjardi Six Sigma Black Belt Contents Introduction... 3 Complementary Systems... 3 Integrating Systems...
More informationUncheck Yourself. by Karen Scarfone. Build a Security-First Approach to Avoid Checkbox Compliance. Principal Consultant Scarfone Cybersecurity
Uncheck Yourself Build a Security-First Approach to Avoid Checkbox Compliance by Karen Scarfone Principal Consultant Scarfone Cybersecurity Sponsored by www.firehost.com (US) +1 844 682 2859 (UK) +44 800
More informationSUPPLY CHAIN ASSURANCE FRAMEWORK: THE SUPPLY CHAIN STANDARDS TRANSLATOR
SUPPLY CHAIN ASSURANCE FRAMEWORK: THE SUPPLY CHAIN STANDARDS TRANSLATOR Michael de Crespigny, CEO Information Security Forum Session ID: GRC R02B Session Classification: General Interest KEY ISSUE Our
More informationGuide to the Sarbanes-Oxley Act: IT Risks and Controls. Frequently Asked Questions
Guide to the Sarbanes-Oxley Act: IT Risks and Controls Frequently Asked Questions Table of Contents Page No. Introduction.......................................................................1 Overall
More informationChayuth Singtongthumrongkul
IT is complicated. IT Governance doesn t have to be. Chayuth Singtongthumrongkul CISSP, CISA, ITIL Intermediate, PMP, IRCA ISMS (ISO/IEC 27001) Director of International Academic Alliance, ACIS Professional
More informationIT Governance A Framework for Performance and Compliance
IT Governance A Framework for Performance and Compliance Ron Saull Great-West Life IGM Financial Senior Vice-President and CIO Information Services Organisation ITGI Japan Opening Celebration Conference
More informationProject Management and ITIL Transitions
Project Management and ITIL Transitions April 30 th 2012 Linda Budiman Director CSC 1 Agenda Thought Leadership: Linda Budiman What is ITIL & Project Management: Applied to Transitions Challenges & Successes:
More informationCreating Business Value with Effective, Pervasive Cloud Security and Cloud Enablement Services
Creating Business Value with Effective, Pervasive Cloud Security and Cloud Enablement Services Managing Governance, Risk, and Compliance for Cloud Information Security Introduction Businesses today are
More informationSecurity and Privacy in Cloud Computing
Security and Privacy in Cloud Computing - Study Report Sai Lakshmi General Manager Enterprise Security Solutions 2 Agenda Background & Objective Current Scenario & Future of Cloud Computing Challenges
More informationSurviving an Identity Audit
What small and midsize organizations need to know about the identity portion of an IT compliance audit Whitepaper Contents Executive Overview.......................................... 2 Introduction..............................................
More informationiso20000templates.com
iso20000templates.com Public IT Limited 2011 IT Service Policy Document Ref. ITSM01001 Version: 1.0 Draft 1 Document Author: Document Owner: V 1.0 Draft 1 Page 1 of 11 Revision History Version Date RFC
More informationSecurity Information Lifecycle
Security Information Lifecycle By Eric Ogren Security Analyst, April 2006 Copyright 2006. The, Inc. All Rights Reserved. Table of Contents Executive Summary...2 Figure 1... 2 The Compliance Climate...4
More informationDesign of Database Security Policy In Enterprise Systems
Design of Database Security Policy In Enterprise Systems by Krishna R Singitam Database Architect Page 1 of 10 Table of Contents 1. Abstract... 3 2. Introduction... 3 2.1. Understanding the Necessity of
More informationThe New International Standard on the Practice of Risk Management A Comparison of ISO 31000:2009 and the COSO ERM Framework
The New International Standard on the Practice of Risk Management A Comparison of ISO 31000:2009 and the COSO ERM Framework Dorothy Gjerdrum, ARM-P, Chair of the ISO 31000 US TAG and Executive Director,
More informationESET Secure Authentication
ESET Secure Authentication Second factor authentication and compliance Document Version 1.2 6 November, 2013 www.eset.com ESET Secure Authentication - second factor authentication and compliance 2 2 Summary
More informationContents. viii. 4 Service Design processes 57. List of figures. List of tables. OGC s foreword. Chief Architect s foreword. Preface.
iii Contents List of figures List of tables OGC s foreword Chief Architect s foreword Preface Acknowledgements v vii viii 1 Introduction 1 1.1 Overview 4 1.2 Context 4 1.3 Purpose 8 1.4 Usage 8 2 Management
More informationPreparation Guide. Side entry to the EXIN Expert in IT Service Management based on ISO/IEC 20000
Preparation Guide Side entry to the EXIN Expert in IT Service Management based on ISO/IEC 20000 Edition June 2015 Copyright 2015 EXIN All rights reserved. No part of this publication may be published,
More informationInformation Technology Governance. Steve Crutchley CEO - Consult2Comply www.consult2comply.com
Information Technology Governance Steve Crutchley CEO - Consult2Comply www.consult2comply.com What is IT Governance? Information Technology Governance, IT Governance is a subset discipline of Corporate
More informationAn Implementation Roadmap
An Implementation Roadmap The 2nd Abu Dhabi IT s Forum P J Corum, CSQA, CSTE, ITSM Managing Director Quality Assurance Institute Middle East and Africa Dubai, UAE Quality Assurance Institute Middle East
More informationRISK MANAGEMENT PROGRAM THAT WORKS FOUR KEYS TO CREATING A VENDOR. HEADQUARTERS 33 Bradford Street Concord, MA 01742 PHONE: 978-451-7655
FOUR KEYS TO CREATING A VENDOR RISK MANAGEMENT PROGRAM THAT WORKS HEADQUARTERS 33 Bradford Street Concord, MA 01742 PHONE: 978-451-7655 FOUR KEYS TO CREATING A VENDOR RISK MANAGEMENT PROGRAM THAT WORKS
More informationfor Oil & Gas Industry
Wipro s Upstream Storage Solution for Oil & Gas Industry 1 www.wipro.com/industryresearch TABLE OF CONTENTS Executive summary 3 Business Appreciation of Upstream Storage Challenges...4 Wipro s Upstream
More informationNationwide Cyber Security Review (NCSR) Frequently Asked Questions
Nationwide Cyber Security Review (NCSR) Frequently Asked Questions Table of Contents NCSR Frequently Asked Questions Nationwide Cyber Security Review (NCSR)... 1 Frequently Asked Questions... 1 1. What
More informationITIL and Outsourcing Engagements
ITIL and Outsourcing Engagements A Trestle Group Research Publication TABLE OF CONTENTS Executive Summary About the Author About Trestle Group Research What is ITIL? The Relationship between ITIL and Outsourcing
More information