Presentation is loading. Please wait.

Presentation is loading. Please wait.

Evolving IT Framework Standards (Compliance and IT)

Published byGwendolyn Dalton Modified over 8 years ago

Similar presentations

Presentation on theme: "Evolving IT Framework Standards (Compliance and IT)"— Presentation transcript:

1 Evolving IT Framework Standards (Compliance and IT)

2 Jim Hulsey Sarbanes-Oxley The United States has clear legislation for Compliance in Information Technology. It is called ‘Sarbanes-Oxley’ and here is the basis of that law…

3 Jim Hulsey Regulatory and Standards Compliance Sarbanes-Oxley The Sarbanes-Oxley Act of 2002 Establishes new standards for Corporate Boards and Audit Committees Section 404: Management Assessment of Internal Control Sarbanes compliance is based on effective and efficient business processes including IT environment, enabled by properly designed and implemented technology, executed by competent people “Electronic paper trails" are necessary to ensure compliance From an IT perspective, the key to compliance is the documentation, monitoring, and management of the compliance control architecture

4 Jim Hulsey 21 CFR Part11 - Electronic Records and Electronic Signatures FDA specified its requirements for accepting electronic records in lieu of paper records Requires IT to design and qualify networks and the associated infrastructure and to operate them in a compliant manner Regulatory and Standards Compliance 21 CFR Part 11

5 Jim Hulsey ISO/IEC 17799 “Information Technology – Code of Practice for Information Security Management” offers guidelines and voluntary directions for information security management. BS7799-2:2002 “Information Security Management – Specification with Guidance for Use” is a standard specification for Information Security Management Systems (ISMS) ISMS is the means by which Senior Management Monitor and control their security, minimizing residual business risk and ensuring that security continues to fulfill corporate, customer and legal requirements. It forms part of an organization’s internal control system. Regulatory and Standards Compliance ISO 17799 and BS7799 > ISO 27000 series

6 Jim Hulsey 132 Controls under 11 sections Major Headings Security policy Organization of information security Asset management Human resources security Physical and environmental security Communications and operations management Access control Information systems acquisition, development and maintenance Information security incident management Business continuity management Compliance Regulatory and Standards Compliance ISO 17799 > ISO 27000 Series

7 Jim Hulsey Section 5: Physical and Environmental Security (Objectives) To reduce risks of human error, theft, fraud or misuse of facilities To ensure that users are aware of information security threats and concerns and are equipped to support the corporate security policy in the course of their normal work To minimize the damage from security incidents and malfunctions and learn from such incidents Regulatory and Standards Compliance ISO 17799 => ISO 27000 Series

8 Jim Hulsey Section 6: Computer & Network Management (Objectives) To ensure the correct and secure operation of information processing facilities To minimize the risk of systems failures To protect the integrity of software and information To maintain the integrity and availability of information processing and communication To ensure the safeguarding of information in networks and the protection of the supporting infrastructure To prevent damage to assets and interruptions to business activities Regulatory and Standards Compliance ISO 17799 => ISO 27000 Series

9 Jim Hulsey Section 9: Business Continuity and Disaster Recovery Planning (Objectives) To counteract interruptions to business activities and interruptions to critical business processes from the effects of major failures or disasters Regulatory and Standards Compliance ISO 17799 > ISO 27000 Series

Download ppt "Evolving IT Framework Standards (Compliance and IT)"

Similar presentations

Copyright © XiSEC, All rights reserved, 2002 Secure Computing Best Lifetime Achievement Award 2002 Ted Humphreys Information Security Management Goes Global.

Copyright © XiSEC, All rights reserved, 2002 Secure Computing Best Lifetime Achievement Award 2002 Ted Humphreys Information Security Management Goes Global.
Nishidh, CISSP. To comply with Sarbanes oxley and other legislations To comply with industry standards and business partner requirements To protect.

Nishidh, CISSP. To comply with Sarbanes oxley and other legislations To comply with industry standards and business partner requirements To protect.
Dr Lami Kaya LamiKaya@gmail.com ISO 27001 Information Security Management System (ISMS) Certification Overview Dr Lami Kaya LamiKaya@gmail.com.

Dr Lami Kaya ISO Information Security Management System (ISMS) Certification Overview Dr Lami Kaya
Agenda What is Compliance? Risk and Compliance Management

Agenda What is Compliance? Risk and Compliance Management
IT Web Application Audit Principles Presented by: James Ritchie, CISA, CISSP….

IT Web Application Audit Principles Presented by: James Ritchie, CISA, CISSP….
ISMS standards and control processes ISO27001 & ISO27002

ISMS standards and control processes ISO27001 & ISO27002
Control and Accounting Information Systems

Control and Accounting Information Systems
Control and Accounting Information Systems

Control and Accounting Information Systems
ACG 6415 SPRING 2012 KRISTIN DONOVAN & BETH WILDMAN IT Security Frameworks.

ACG 6415 SPRING 2012 KRISTIN DONOVAN & BETH WILDMAN IT Security Frameworks.
Agenda COBIT 5 Product Family Information Security COBIT 5 content

Agenda COBIT 5 Product Family Information Security COBIT 5 content
Auditing Computer Systems

Auditing Computer Systems
Auditor General’s Office One key audit focus area – Compliance with Laws and Regulations.

Auditor General’s Office One key audit focus area – Compliance with Laws and Regulations.
The Islamic University of Gaza

The Islamic University of Gaza
Chapter 5 5-1 © 2009 Pearson Education, Inc. Publishing as Prentice Hall.

Chapter © 2009 Pearson Education, Inc. Publishing as Prentice Hall.
ISO Information Security Management

ISO Information Security Management
Security Controls – What Works

Security Controls – What Works
Chapter 7 Control and AIS Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 7-1.

Chapter 7 Control and AIS Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 7-1.
ISO 17799&ITS APPLICATION Prepared by Çağatay Boztürk 14.06.2005.

ISO 17799&ITS APPLICATION Prepared by Çağatay Boztürk
23 January 2003© All rights Reserved, 2002 Understanding Facilitated Risk Analysis Process (FRAP) and Security Policies for Organizations Infocomm Security.

23 January 2003© All rights Reserved, 2002 Understanding Facilitated Risk Analysis Process (FRAP) and Security Policies for Organizations Infocomm Security.
© 2006 IBM Corporation Introduction to z/OS Security Lesson 9: Standards and Policies.

© 2006 IBM Corporation Introduction to z/OS Security Lesson 9: Standards and Policies.

Similar presentations

Ads by Google