
Thread: Information Security - Are You Protected?




2007-07-30 14:46:22

The eye sees only what the mind is prepared to comprehend.
— Henry Bergson, French Philosopher (1859-1941).

Man's mind once stretched by a new idea, never regains its original dimension. — Oliver Wendell
__________________________________________________________

1. Expert Corner: Information Security - Are You Protected?

http://ethisphere.com/expert-corner-4/

Evaluating Security
The exact role of internal audit regarding information security varies widely among companies, but it always provides a significant opportunity for internal audit to deliver real value to the board and management. Internal auditors should play an important role in ensuring that information security efforts have a positive effect on an organization and protect the organization from harm.

Why worry so much about information security? Consider some reasons why organizations need to protect their information:

Availability. Can your organization ensure prompt access to information or systems to authorized users? Do you know if your critical information is regularly backed up and can be easily restored?
Integrity of data and systems. Are your board and audit committee confident they can rest assured that this information has not been altered in an unauthorized manner and that systems are free from unauthorized manipulation that could compromise reliability?
Confidentiality of data. Can you tell your customers and employees that their nonpublic information is safe from unauthorized access, disclosure, or use? This is a significant reputational risk today!
Accountability. If information has been compromised, can you trace actions to their source?

An audit of information security can take many forms. At its simplest, the auditors will review the information security program’s plans, policies, procedures, and key new initiatives, plus hold some interviews with the key stakeholders. At its most complex, a large internal audit team will evaluate almost every aspect of the security program and even do intrusion testing. This diversity depends on the risks involved, the assurance requirements of the board and executive management, and the skills and abilities of the auditors. For example, if the organization is undergoing extensive change within its IT application portfolio or IT infrastructure, that would be a great time for a comprehensive assessment of the overall information security program (likely best just before or just after the changes). If last year’s security audit was positive, perhaps a specialized audit of a particular activity or an important e-commerce application would be useful. The audit evaluation can, and most times should, be part of a long-term (read: multi-year) audit assessment of security results.

2. Ethisphere's Expert Corner
http://ethisphere.com/category/expert

3. Expert Corner: Auditing a compliance and ethics program.
http://ethisphere.com/expert-corner-1/

4. Ethisphere - in a word - "massive".
http://ethisphere.com/

5. Ethisphere's 2 hour webinar on auditing information security.

http://ethisphere.com/sept-20-ethisphere-symposium/

- (see below as well).

>>> Please pass the word on to anyone you believe would
>>> want to take in the comprehensive webinar - (thanks).

HAGD

Enjoy.

Dan
____________________________

September 20: Ethisphere Symposium
Auditing Information Security - Evaluating the Effectiveness of Your Information Security Program - by Dan Swanson and Clint Kreitner.

http://ethisphere.com/sept-20-ethisphere-symposium/

Description:
This 2 hour event will present and discuss how to audit your information security program.

The information security program is a critical component of every organization’s risk management effort, providing the means to protect the organization’s information and other critical assets. A well-managed business unit (and/or program) has robust plans, procedures, goals, objectives, trained staff, performance reporting, and ongoing improvement efforts.

The audit team will look for evidence that the information security program is well organized and well managed. The security program must also specifically mitigate risks in satisfying key business objectives, and this traceability must be clear.

Your information security audit should confirm that key risks to the organization are being identified, monitored, and controlled; that key controls are operating effectively and consistently; and that management and staff have the ability to recognize and respond to new threats and risks as they arise. Audits and reviews of your information security program and its management advance the goal of program oversight and ensuring continuous improvement and success.

Discussion topics will include:

Audit scope
What is the goal?
Planning efforts
The general audit steps
Audit risk assessment
Audit objectives
Audit approach
What auditors like to see
Audit testing
Issues to watch out for
Other considerations
The audit report

Who will benefit?

CISOs
CIOs
Senior IT Managers
Chief Audit Executives
IT Auditors
Executive Management with oversight responsibilities for security
Risk Managers

Faculty:

Dan Swanson - President and CEO, Dan Swanson & Associates
Clint Kreitner - President and CEO, The Center for Internet Security

Downloads:
This session will be interactive and include valuable downloads for members and participants.

Date: September 20, 2007
Time: 10:00 am PST / 1:00 pm EDT (2 hours in length).
Price: Free for Ethisphere Council members ($299 for non-members)

note - All participants will receive an hour-long one-on-one consultation
with Dan Swanson and an Ethisphere associate.

To Register: Click here to register for this event.
__________________________________________________________

Some leading resources to assist your information security efforts:
__________________________________________________________

1. Avoiding IS Icebergs.
http://infosecuritymag.techtarget.com/articles/october00/features3.shtml

2. IT Audit Checklist: Information Security - (half way down the page).
http://www.itcinstitute.com/display.aspx?id=2499

3. Ask the Auditor: Who is Responsible for Information Security?

http://www.itcinstitute.com/display.aspx?ID=1823

4. Dan's Security Management Resources.
http://www.auditnet.org/SecurityMgmt.htm

5. IT Audit Checklist: Payment Card Industry (PCI) - (towards the top of the page).
http://www.itcinstitute.com/display.aspx?id=2499
_________________________________________
