Compliance Without Tears: Preparation Can Ease IT's Compliance Concerns (2007) | Articles | OCEG Reviewed
Practically every enterprise must abide by and demonstrate compliance with some group of regulations intended to head off the next Enron or WorldCom scandal or headline-grabbing data breach.
Compliance Provides Benefits Beyond the Obvious (2007) | Articles | OCEG Reviewed
In the areas of security and privacy, daunting legislation such as HIPAA, Sarbanes-Oxley, and the Gramm-Leach-Bliley Act, as well as other federal and state requirements, has required extensive assessments of business practices. Typically, businesses see the primary benefit of compliance as avoiding fines and penalties. From an IT standpoint, however, compliance brings intrinsic benefits to an organization's operations.
Information Week, October 13, 2007
The State of IT Auditing in 2007 | Articles | OCEG Reviewed
Summing up the state of such a broad professional field in just a few short pages is not easy, so, in place of a thousand words, here is a picture.
OCEG Critical Conversations Series: CIO at the Center (Executive Summary) | White Papers | OCEG Reviewed
In the first of a white paper series sponsored by Oracle Corporation, OCEG describes the conversations a Chief Information Officer must have with enterprise executives to successfully participate in the development and implementation of an integrated governance, risk management and compliance (GRC) capability that drives principled performance™.
IT Governance Defined | Tools / Templates | OCEG Reviewed
IT Governance is "a framework for the leadership, organizational structures and business processes, standards and compliance to these standards, which ensure that the organization’s IT supports and enables the achievement of its strategies and objectives."
The sub-domains of IT governance include:
Business continuity and disaster recovery
Regulatory compliance
Information governance and information security
IT Service Management, including ITIL and Service Level Management
The GAIT Methodology (IIA, 2007) | White Papers | OCEG Reviewed
Both management and external auditors can use the Principles in this Guide to the General Assessment of IT General Controls based on Risk (GAIT) in their identification of key controls.
FAQ: Changes to the Federal Rules of Civil Procedure Affect Storage Plans (2007) | Articles | OCEG Reviewed
If you’re an IT professional who’s also interested in legal affairs, there has never been a better time to blend the two worlds. With the amendments in December 2006 to the Federal Rules of Civil Procedure (FRCP), IT has become inextricable from the discovery process of corporate litigation.
ComputerWorld, October 8, 2007
Guide 6: Managing and Auditing IT Vulnerabilities (IIA, 2007) | Guides | Member contribution | OCEG Reviewed
Chief audit executives (CAEs) and internal auditors who want to learn more about managing and auditing IT vulnerabilities are in luck. The IIA has released its sixth guide in its Global Technology Audit Guide (GTAG®) series, Managing and Auditing IT Vulnerabilities.
Governing for Enterprise Security Implementation Guide (GES) | Guides | Member contribution | OCEG Reviewed
This guide is designed to help business leaders implement an effective program to govern information technology (IT) and information security. Our objective is to help you make well-informed decisions about many important components of GES such as adjusting organizational structure, designating roles and responsibilities, allocating resources (including security investments), managing risks, measuring results, and gauging the adequacy of security audits and reviews.
NIST, Risk Management Framework | Agency Guidances | Member contribution | OCEG Reviewed
The selection and specification of security controls for an information system is accomplished as part of an organization-wide information security program that involves the management of organizational risk, that is, the risk to the organization or to individuals associated with the operation of an information system.