2008 Annual Report: IT Governance, Risk and Compliance - Improving Business Results and Mitigating Financial Risk Research Report (2008) resource White Papers OCEG Reviewed
IT governance, risk and compliance (IT GRC) is about striking an appropriate balance between business reward and risk. The maturity of IT GRC practices for managing reward and risk has a direct impact on the organization.
The 2008 Annual Report, assembled from benchmark research conducted with more than 2,600 organizations around the World, reveals the IT GRC maturity profiles, business outcomes, capabilities and practices that are most responsible for influencing and impacting business rewards and risks.
Read more
A Guide to Messaging Archiving (2008) resource White Papers OCEG Reviewed
October 6, 2008
Abstract: (Source: Google) Explore compelling reasons for the implementation of a messaging archiving system and learn the top vendors whose offerings are focused squarely on the archiving space. Should you archive your organization's email content? According to the American Management Association, 24% of companies have experienced their employees' email being subpoenaed and 15% have gone to court because of lawsuits brought on by their employees' email. The statistics don't stop here.
Read more
Achieving Data Privacy in the Enterprise (2008) resource White Papers OCEG Reviewed
ABSTRACT:
In spite of a range of security technologies being deployed, devastating thefts of sensitive data continue to occur. To address these threats, many organizations are looking to deploy data privacy solutions- solutions that ensure the security of data inside the enterprise. This white paper describes the need for data privacy, and it offers an overview of the issues that must be considered and addressed when organizations look to implement a data privacy solution.
SearchSecurity.com, September 10, 2008
Read more
Acquire a global view of your organization's security state: the importance of security assessments (IBM, 2007) resource White Papers OCEG Reviewed
Today, more than ever before, security is a key issue for virtually every organization. No matter the size of your enterprise and what business you are engaged in whether a financial services company, a retail chain or a water treatment plant threats to your information security occur daily and evolve constantly. Because of that fluidity, virtually every organization has a "security gap" that is, a gap between the organization’s current protection level and the level it should be at to meet the latest security threats.
Read more
AICPA, Trust Services Principles, Criteria and Illustrations for Security, Availability, Processing Integrity, Confidentiality, and Privacy (Including WebTrust® and SysTrust®) (2006) resource Guides OCEG Reviewed
The Trust Services Principles, Criteria, and Illustrations present criteria established by the Assurance Services Executive Committee of the AICPA for use by practitioners when providing attestation services on systems in the subject matters of security, availability, processing integrity, privacy, confidentiality, and certification authorities.
Read more
Aligning COBIT 4.1, ITIL V3 and ISO/IEC 27002 (2008) resource White Papers OCEG Reviewed
The briefing applies generally to all IT best practices but focuses on three specific practices and standards that are becoming widely adopted around the world. It has been updated to reflect the latest versions:
• ITIL V3Published by the UK government to provide a best practice framework for IT service management
• Cobi T 4.1Published by ITGI and positioned as a high-level governance and control framework
Read more
An Introduction to IT Governance (Paisley, 2006) resource White Papers Member contributionOCEG Reviewed
As technology evolves so do the risks that threaten the security, stability and functionality of the information systems that are the backbone of an organization. Can an information technology department completely identify, measure and mitigate the threats or potential security breaches when the news is flooded with stories of system breakdowns?
Read more
Andrew's Blog resource Blog OCEG Reviewed
by Andrew Cohen, Bridging the gap between legal and IT
Read more
