• Jul 24, 2015 from 12:00 to 13:00
  • Location: Online Event
  • Latest Activity: Oct 12, 2020

Information and associated technologies continue to advance toward diverse distributed configuration environments for entering, processing, storing, and retrieving data. The magnitude of changes occurring can be clearly seen in the explosion of linked IT infrastructures connected to cloud computing service providers and mobile computing devices. Consequently, the impact of such decentralization has increased the need for effective safeguarding of information assets. 

Paraphrasing Title 44, Chapter 35, Subchapter III, Section 3542(b)(1) of the United States Code, the term "information security" is defined as the protection of information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction. Correspondingly, information security is typically a complex and dynamic safeguarding subject. Given the descriptive attributes normally associated with information security, IT auditors usually have a vast array of sub-topics to contemplate when performing information assets protection (IAP)-related audits, reviews, or agreed-upon procedures.

Information security design, deployment, and assurance require dedication to continuous improvement to ensure optimum effectiveness and efficiency. Confirmation of compliance with legislation, regulations, policies, directives, procedures, standards, and rules enables asserting ‘superior’ information security governance (ISG). Nonetheless, monitoring and evaluating the current state of implemented controls may take a variety of forms, including control self-assessments and IT audits. Furthermore, an IT auditor may not be the individual who executes an entity’s information security internal control review (ICR). However, an IT auditor may subsequently assess an ICR for effectiveness and/or efficiency. In the regulatory arena, a negative finding, coupled with prompt corrective actions, can mitigate civil and criminal enforcement penalties, thereby potentially reducing or avoiding legal risks.

Areas Covered in the Session:

  • Forces impacting information security governance.
  • Principles and practices for performing information security audits.
  • Sound strategic and tactical information risk considerations.
  • Three tiers of enterprise governance are examined in terms of their:
    • Content
    • Meaning
    • Implementation factors
    • Responsibilities 

Read more: http://www.compliance4all.com/control/w_product/~product_id=500364LIVE/
