IT | by OCEG the Open Compliance and Ethics Group

OCEG Contributed

Using Technology to Enable GRC Processes (Webinar Slides)

OCEG IT Forum 2006 - Spring

OCEG IT Forum 2006 - Fall

OCEG Benchmarking Series Report 2009 - Managing Privacy Practices

GRC-XML Whitepaper

Leveraging Technology for Optimized Execution

Data quality -- the forgotten privacy principle (2007)

Collecting Personal Data for E-Discovery (October 2007)

Insider Threat (2007)

IT Governance and Risk Management: Store Your Data to Ensure Compliance (2007)

FAQ: Changes to the Federal Rules of Civil Procedure Affect Storage Plans (2007)

States Launching E-Discovery Rules (2007)

GAIT Methodology, The (IIA, 2007)

IT Governance Defined

OCEG CRITICAL CONVERSATIONS SERIES: CIO AT THE CENTER -Executive Summary

State of IT Auditing in 2007, The

Compliance Provides Benefits Beyond The Obvious (2007)

Governance, Risk, and Compliance Mangement: realizing the Value of Cross-Enterprise Solutions (SAP, 2007)

The Stick and the Carrot Charting the Rapid Rise of Enterprise Governance, Risk and Compliance Management (2004)

State Security Breach Notification Laws

New E-Discovery Burden, The (2007)

Compliance Without Tears: Preparation can ease IT's compliance concerns (2007)

Portable security: Full-disk encryption can take a lot of risk out of mobile computing (2007)

Examining E-Discovery Chain of Custody (2007)

Group creates standard to ease e-discovery data transfer (2007)

Electronic Discovery Reference Model ("EDRM")

GRC Journal

Creating a Computer Security Incident Response Team: A Process for Getting Started (2002, Last Updated 2006)

E-Discovery Requests: Know Your Limits (2007)

Assessing, Managing Enterprise Risk: What it takes to manage virtual servers (2007)

Develop Effective Archive Policies Before FRCP Compliance Becomes a Problem (2008)

Disaster recovery, backup, and restore: Big challenges for small businesses (2008)

Guide to NIST Information Security Documents

NIST, ITL Security Bulletins

Government of Canada Publications: IT Security Guidance (ITSG)

Information Security Forum

ISO Catalog Page: Information technology

NIST, Federal Information Security Management Act (FISMA) Implementation Project

Federal Information Security Management Act of 2002

Security Matters, Software Engineering Institute, Carnegie Mellon University

Survival of the Fittest: Disaster Recovery Design for the Data Center (2008)

Practical Disaster Recovery Planning: A Step-by-Step Guide

DOJ, Searching and Seizing Computers and Obtaining Electronic Evidence in Criminal Investigations (2002, with updates)

GRC-XML Working Group Meeting #4 - March 25, 2008

Red Book/GRC Ecosystem Functional Category Alignment - V 1.1

IT Sentinel (UK)

Q1 2008 OCEG Technology Council Roundtable

Keeping Up With EDD Blogs and Tools (2007)

California, Electronic Discovery: Legislation and Rules (2008)

Judicial Council proposes new electronic discovery rules (2008)

E-Discovery Keeps an Eye on the Job: Employment-related litigation is shaping e-discovery, still in its infancy (2008)

EDD Update

What to Do About Data in the EU? (2008)

EU, Commission decisions on the adequacy of the protection of personal data in third countries

Taxonomy Work Group - Final Presentation before Blueprint Work Group Merger

GRC Technologies Glossary

GRC-XML Work Group Monthly Meeting

OCEG Intellectual Property Agreement

IT Governance Institute's VAL IT Model Overview

E-Discovery Mistakes Might Kill Your Case (2008)

Ask the Analysts: GRC Techology 2008

Eight easy ways to protect your company data - and reputation (2008)

E-Discovery Tips From the Bench (2008)

GRC-XML Work Group Overview - June 6, 2008

ITGI's VAL IT Framework

ISM3 Model V 2.0

European Commission: Proposed revision of the Directive on electronic data protection (2007)

European Parliament: Webpage on the legislative procedure on the Directive on electronic data protection

Minimizing the Risk That E-Discovery Failures Will Create Corporate Liability (2008)

Easing e-discovery preparation by mapping enterprise data (2008)

Prepared for e-discovery: What to know about content monitoring and filtering (2008)

ISM3 Model V2.1 Overview

OCEG GRC Technology

GRC-XML Work Group Meeting on July 30, 2008

GRC Blueprint Work Group Meeting - July 31, 2008

CIO Strategies for the Retention and Deletion of Email (2008)

How to create an e-discovery employee awareness program (2008)

Decisions Up Stakes for Managing EDD (2008)

Global Best Practices in Email Security, Privacy and Compliance (2008)

Andrew's Blog

2008 Annual Report: IT Governance, Risk and Compliance - Improving Business Results and Mitigating Financial Risk Research Report (2008)

Auditor Answers: Performing Post Mortems on Problem Events (2008)

e-Discovery Team, Electronic Discovery, Electronic Documents, Information Management, Legal, Technology, IT

eDiscovery, Digital Evidence and Information Security Law - Info Tech Law On The Edge

EPIC's Data Retention Page

E-Discovery Investigator

Demonstrating Good Faith in ESI Preservation (2008)

State by State Summary Report of E-Discovery Efforts

AICPA, Trust Services Principles, Criteria and Illustrations for Security, Availability, Processing Integrity, Confidentiality, and Privacy (Including WebTrust® and SysTrust®) (2006)

Achieving Data Privacy in the Enterprise (2008)

Email Archiving: A Proactive Approach to e-Discovery (2008)

IT for GRC: Improving Information Quality

The Data Diaspora: Managing Privacy When Data is Dispersed

Managing Compliance Requirements

Ask the Analysts

When to shred: Purging data saves money, cuts legal risk (2008)

Privacy Guide - Asia and the Pacific (2007)

Asia-Pacific Region at the Privacy Crossroads (2008)

Implementing an Identity Management Solution (SAP, 2007)

Japan: Personal information privacy update (2007)

Member Contributed

Information Systems Audit and Control Association (ISACA)

Auditing System Conversions (IIA)

Technology - The Institute of Internal Auditors (IIA)

Information Technology Process Institute (ITPI) Reading Room

Tripwire Documents: White Papers Collection

GAO/NSAA, Management Planning Guide for Information Systems Security Auditing (2001)

IT Security, IIA Resources Page

SANS, What Works in Internet Security

International Systems Security Engineering Association (ISSEA)

CCCure.org - An Open Study Guides Web Site

Professional Security Testers Web Site

Forrester Research

GAO Special Publications: Computer and Information Technology

UK, Office of Government Commerce (OGC) Successful Delivery Toolkit

Office of Government Commerce (OGC) IT Infrastructure Library (ITIL)

Chief Information Officers Council (CIO)

SecurityBenchmark.com

Christiansen's IT Law: Information Law Theory and Practice

The ABCs of the IT Infrastructure Library (ITIL)

DOC, Safe Harbor

Landmark Federal Discovery Rules Amendments Have Become Effective. Are You Ready? (2006)

Data Storage Today

Storage Technology News: New privacy rules may complicate records management (2007)

CIO Today

What the Board Needs to Know About IT: Phase II Findings (Deloitte, 2007)

Id Governance - Identity Privacy and Access Policy Marketing Requirements Document Use Cases Version: 1.0 (2007)

Identity Governance Framework (2006)

Architectural Risk Analysis (2005)

IT Control Objectives for Sarbanes-Oxley 2nd Edition (September 2006)

Enterprise Risk Management for CIOs (2007)

IT Security Portal

Daily Tech

Re-Thinking Your Disaster Recovery Strategy (2007)

Leveraging Content Management Systems for e-Discovery (August 2007)

Computer Technology Review

Five Steps to Building Information Risk Management Frameworks (August 2007)

An Introduction to IT Governance (Paisley, 2006)

Trade Finance 2007: An Abundance of Resources - Traders now enjoy multiple options in financing foreign transactions (2007)

United States Computer Emergency Readiness Team (US-CERT)

Early Warning Signs of IT Project Failure: The Dominant Dozen (2006)

Issue & Inquiry Project Charter Template

Understanding The World Of E-mail: How It Can Significantly Increase Or Decrease The Costs Of Electronic Discovery - Part I (2007)

Understanding The World Of E-mail: How It Can Significantly Increase Or Decrease The Costs Of Electronic Discovery - Part II (2007)

Information Security and Data Breach Notification Safeguards (CRS, Rev January 28, 2010)

Integrate Archiving with Disaster-Recovery Plan (2007)

Managing risk in the information age (2007)

DHS, IT Security Essential Body of Knowledge (EBK): A Competency and Functional Framework for IT Security Workforce Development (2008)

How Vulnerable Is Your Information Technology? (2006)

NIST, Risk Management Framework

Governing for Enterprise Security Implementation Guide (GES)

ISO 27001 - The Information Security Management Standard

Guide 6: Managing and Auditing IT Vulnerabilities (IIA, 2007)

Prescriptive Guide to Achieving Operational Excellence (2006)

Best Practices: Ten Time-Saving Compliance Research Resources

Ethics in Computing

Template for Internal Presentation on GRC Technology Improvement Plans