Is IT Compliance A Profession? A Workshop on Refining Our Common Body of Knowledge, Skills and Ethics. Peter T. Davis, Principal, Peter Davis+Associates.

1 Is IT Compliance A Profession? A Workshop on Refining Our Common Body of Knowledge, Skills and Ethics. Peter T. Davis, Principal, Peter Davis+Associates

2 IT COMPLIANCE CONFERENCE 2007 | The Need: Is compliance a profession or a job? Is there a need for a certification? Should the ITCi offer the certification? Or should they partner with someone else?

3 Professional Requirements: Professions require 1. Code of Ethics 2. Body of Knowledge 3. Testing on the body of knowledge 4. Regulation

4 Qualifications: Experience (Years, Disciplines); Exam; Code of Ethics; Sponsor; Grandfathering?

5 COMPBOK: What is included in the Body of Knowledge? What will we call it? Do you think people would respond to a survey on job specifications? Should ITCi go for ANSI certification?

6 Suggested Table of Contents: Management principles; IT Governance; Laws and regulations; Records management; Ethics; Security; Privacy; Risk management; Control self-assessment; Investigations; Performance management

7 Management Principles: Processes and Business process mapping; Controls and testing; Plan, Organize, Staff, Direct, Control and PDCA/PDSA and DMAIC/DMADV; Organizational and committee structure; Marketing, influence without authority; Budgeting; Awareness and training; Policy framework

8 IT Governance: COBIT; ITIL; ISO 27000; M_o_R; CRAMM; MSP; PMBOK; PRINCE2; CMMI; Six Sigma

9 Laws and Regulations: Legal concepts, e.g., evidence, eDiscovery. Which ones? SOX/Bill 198; HIPAA; GLBA; PCI DSS; Privacy; Electronic evidence, e.g., FRCP

10 Records Management: Legal requirements; Guidelines; Record retention policy; Retention schedules; Enabling technologies

11 Ethics: “Tone at the Top”; Legal and regulatory requirements; Ethics topics; Ethical fallacies and dilemmas; Code of Conduct; Ethics plan

12 Security: CIA; Compliance tools

13 Privacy: Concepts; Privacy enhancing technologies, i.e., PET

14 Risk Management: Concepts; Definitions; Process; Quantitative vs. qualitative

15 Control Self-Assessment: Concepts; Techniques; Surveys

16 Investigations: Organization; Incident handling; Forensics; Reporting

17 Performance Management: Process; Definitions; Metrics; Reporting; Maturity model?

18 Solicitation: Would you like to help?

19 Questions and Answers

20 Contact Information: Peter T. Davis, Principal, Peter Davis+Associates; ptdavis@pdaconsulting.com; 416-907-4041. Please Complete Your Session Evaluation

