Evolving IT Framework Standards (Compliance and IT)

Jim Hulsey

Sarbanes-Oxley
The United States has clear legislation for compliance in Information Technology. It is called 'Sarbanes-Oxley', and here is the basis of that law…

Regulatory and Standards Compliance: Sarbanes-Oxley
The Sarbanes-Oxley Act of 2002
- Establishes new standards for corporate boards and audit committees
- Section 404: Management Assessment of Internal Control
- Sarbanes compliance is based on effective and efficient business processes, including the IT environment, enabled by properly designed and implemented technology and executed by competent people
- "Electronic paper trails" are necessary to ensure compliance
- From an IT perspective, the key to compliance is the documentation, monitoring, and management of the compliance control architecture

Regulatory and Standards Compliance: 21 CFR Part 11
21 CFR Part 11 - Electronic Records and Electronic Signatures
- The FDA specified its requirements for accepting electronic records in lieu of paper records
- Requires IT to design and qualify networks and the associated infrastructure, and to operate them in a compliant manner

Regulatory and Standards Compliance: ISO and BS7799 > ISO series
- ISO/IEC "Information Technology – Code of Practice for Information Security Management" offers guidelines and voluntary directions for information security management.
- BS7799-2:2002 "Information Security Management – Specification with Guidance for Use" is a standard specification for Information Security Management Systems (ISMS).
- An ISMS is the means by which senior management monitor and control their security, minimizing residual business risk and ensuring that security continues to fulfil corporate, customer and legal requirements. It forms part of an organization's internal control system.

Regulatory and Standards Compliance: ISO > ISO series
132 controls under 11 sections. Major headings:
- Security policy
- Organization of information security
- Asset management
- Human resources security
- Physical and environmental security
- Communications and operations management
- Access control
- Information systems acquisition, development and maintenance
- Information security incident management
- Business continuity management
- Compliance

Regulatory and Standards Compliance: ISO > ISO series
Section 5: Physical and Environmental Security (Objectives)
- To reduce risks of human error, theft, fraud or misuse of facilities
- To ensure that users are aware of information security threats and concerns, and are equipped to support the corporate security policy in the course of their normal work
- To minimize the damage from security incidents and malfunctions, and to learn from such incidents

Regulatory and Standards Compliance: ISO > ISO series
Section 6: Computer & Network Management (Objectives)
- To ensure the correct and secure operation of information processing facilities
- To minimize the risk of systems failures
- To protect the integrity of software and information
- To maintain the integrity and availability of information processing and communication
- To ensure the safeguarding of information in networks and the protection of the supporting infrastructure
- To prevent damage to assets and interruptions to business activities

Regulatory and Standards Compliance: ISO > ISO series
Section 9: Business Continuity and Disaster Recovery Planning (Objectives)
- To counteract interruptions to business activities and to critical business processes from the effects of major failures or disasters