Managerial Primer for Assuring Information Security

July 24, 2015 - Online event CA US

Compliance4all

support@compliance4All.com
Phone: 8004479407
Fax: 302-288-6884

Information and associated technologies continue to advance toward diverse, distributed configuration environments for entering, processing, storing, and retrieving data. The magnitude of the changes can be clearly seen in the explosion of linked IT infrastructures connected to cloud computing service providers and mobile computing devices. Consequently, such decentralization has increased the need for effective safeguarding of information assets. Paraphrasing Title 44, Chapter 35, Subchapter III, Section 3542(b)(1) of the United States Code, the term "information security" is defined as the protecting of information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction. Correspondingly, information security is typically a complex and dynamic safeguarding subject.

Given the descriptive attributes normally associated with information security, IT auditors usually have a vast array of sub-topics to contemplate when performing information assets protection (IAP) related audits, reviews, or agreed-upon procedures. Information security design, deployment and assurance require dedication to continuous improvement to ensure optimum effectiveness and efficiency. Confirmation of compliance with legislation, regulations, policies, directives, procedures, standards, and rules enables asserting 'superior' information security governance (ISG). Nonetheless, monitoring and evaluating the current state of implemented controls may take a variety of forms, including control self-assessments and IT audits. Furthermore, an IT auditor may not be the individual who executes an entity's information security internal control review (ICR). However, an IT auditor may subsequently assess an ICR for effectiveness and/or efficiency.

In the regulatory arena, a negative finding, coupled with prompt corrective actions, can mitigate civil and criminal enforcement penalties, thereby potentially reducing or avoiding legal risks.

Areas Covered in the Session:

- Forces impacting information security governance.
- Principles and practices for performing information security audits.
- Sound strategic and tactical information risk considerations.
- Three tiers of enterprise governance are examined in terms of their:
    - Content
    - Meaning
    - Implementation factors
    - Responsibilities

Read more: http://www.compliance4all.com/control/w_product/~product_id=500364LIVE/
