-
Step 5: Measuring compliance
Compliance School
-
Step 6: Managing and tracking compliance
Compliance School
-
Step 1: Understanding compliance -- Financial and technical standards
Compliance School
-
Step 3: Establishing an IT Control Framework
Compliance School
-
Step 7: The changing nature of compliance
Compliance School
-
Step 4: Detailed objectives and policies
Compliance School
-
Introduction to COBIT for SOX compliance
The Sarbanes-Oxley Act does not detail compliance requirements for IT, so many enterprises and auditors have adopted the standard COBIT, introduced here. Book Chapter
-
How BS7799 and COBIT differ, part two
This Ask the Expert Q&A examines the origins of the ISO/IEC 17799 and COBIT security management standards and discusses the differences between them. Windows IT management tip
-
Forrester offers new guide for information security program development
The research firm's new 123-point maturity model is intended to go beyond COBIT as a more comprehensive way to help companies find and fix gaps in their infosec programs. Article | 30 Jul 2010
-
Security survey finds increase in security standards adoption
Ernst & Young's 2008 Global Information Security Survey finds both positive and negative trends in information security depending on how you look at the numbers. Article | 30 Oct 2008
-
Competing regulations clog road to compliance
It's difficult for most organizations to cope with today's multitude of compliance regulations, but an expert at Information Security Decisions said security frameworks may be the answer. Article | 20 Oct 2005
-
IT security frameworks and standards: Choosing the right one
Expert Joe Granneman introduces several IT security frameworks and standards, and offers advice on choosing the right one for your organization. Tip
-
COBIT 5: A first look at the recent updates
In this tip, learn how to integrate the new management practices from COBIT 5 into current IT security framework implementations. Tip
-
How to use COBIT for compliance
While the COBIT framework has been around for a long time, it can still be very useful in terms of understanding goals and benchmarks for a security program that can, in turn, aid compliance with many regulations. Tip
-
COSO and COBIT: The value of compliance frameworks for SOX
In an attempt to blaze a path through the myriad of compliance regulations and requirements, organizations are looking to frameworks like COSO and COBIT. In this tip, contributor Mike Rothman examines these compliance paradigms and offers insights on... Tip
-
ISO 17799: A methodical approach to partner and service provider security management
Outsourcing may relieve some of a company's burdens, but handing off business functions doesn't necessarily mean less work for security teams when sensitive information or critical infrastructure hangs in the balance. In this tip, Richard Mackey expla... Tip
-
Mapping the path toward information security program maturity
Amid tight information security budgets, it can be hard to recommend the best ways to invest new dollars or focus new resources. In this tip, Ed Moyle explains why creating a security program maturity map is a sensible way to not only track a program... Tip
-
Standards-based compliance: A how-to guide
This presentation by Dick Mackey discusses the pros and cons of using standards as the vehicles to improve regulatory compliance. Tip
-
COBIT 5 certification: What training is necessary for accreditation?
Expert Mike Chapple offers advice for understanding COBIT and what it takes to acquire COBIT 5 certification. Answer
-
Is the Orange Book still relevant for assessing security controls?
Is the Orange Book still the be-all and end-all for assessing security controls in the enterprise? Security management expert Mike Rothman explains what happened to the Orange Book, and the Common Criteria for Information Technology Security Evaluati... Ask the Expert
-
Does SOX provision email archiving?
Although SOX may lack specificity regarding certain controls, it does have clear mandates for email retention. Ask the Expert
-
ISO/IEC 17799 vs. COBIT: How do they differ?
Shon Harris looks at the origins of the ISO/IEC 17799 and COBIT security management standards, and discusses the differences between them. Answer
-
COBIT
COBIT is a framework for developing, implementing, monitoring and improving information technology (IT) governance and management practices. Definition
About COBIT
In this resource guide, get details, tips and resources on ISO 17799 and ISO/IEC 27002 certification, including auditing and compliance, standards, guidelines and implementation.