Premium Content

Access "Internal auditors and CISOs mitigate similar risks"

Published: 24 Oct 2012

CISOs ARE QUICK TO POINT OUT they are often at odds with internal auditors. Auditors are duty-bound to regulations and internal policy, and are accountable to ensure that industry and federal mandates are carried out by business leaders. Security officers bemoan that auditors pull the security staff in so many directions, and have them concentrating on controls that satisfy so many regs, that compliance supersedes security and the strategic plan is forsaken. Reality may be a bit less contentious. "I don't think we have different goals personally. Internal audit and information security have same goal, which is to mitigate risk," says Anthony Noble, vice president of IT audit at media giant Viacom. "Internal audit has a broader frame where we're trying to mitigate financial risk, while information security mitigates data loss or disclosure. They shouldn't have clashing agendas." Noble has refined this vision sitting on Viacom's equivalent of a security steering committee, an ad hoc entity composed of information security, audit, finance, legal and human ... Access >>>

What's Inside

Features

More Premium Content Accessible For Free