PRO+ Premium Content/Information Security magazine

January 2009

Internal auditors and CISOs mitigate similar risks

CISOs ARE QUICK TO POINT OUT they are often at odds with internal auditors. Auditors are duty-bound to regulations and internal policy, and are accountable for ensuring that industry and federal mandates are carried out by business leaders. Security officers bemoan that auditors pull the security staff in so many directions, and have them concentrating on controls that satisfy so many regs, that compliance supersedes security and the strategic plan is forsaken. Reality may be a bit less contentious. "I don't think we have different goals personally. Internal audit and information security have the same goal, which is to mitigate risk," says Anthony Noble, vice president of IT audit at media giant Viacom. "Internal audit has a broader frame where we're trying to mitigate financial risk, while information security mitigates data loss or disclosure. They shouldn't have clashing agendas." Noble has refined this vision sitting on Viacom's equivalent of a security steering committee, an ad hoc entity composed of information security, audit, ...

Features in this issue

  • Product Review: Cenzic Hailstorm Enterprise ARC 5.7

    Web application security has moved from a nice-to-have to a must-have requirement for data protection and compliance. Cenzic's Hailstorm, which we last reviewed in 2005, reflects the growth in the depth and maturity of Web application vulnerability assessment software.

  • Product Review: GoldKey Secure USB Token

    The GoldKey Secure USB Token works with Windows and Macintosh operating systems to provide a secure place to stash encryption keys for virtual disks. By keeping encryption keys on a small, removable USB token, GoldKey simplifies the task of locking away important information on laptops and encourages good security behaviors.

  • Product Review: Hedgehog Enterprise 2.2

    Eight years after the release of Microsoft SQL 2000, we're still looking for help from bolt-on security product vendors to harden and protect critical production database servers. Sentrigo's Hedgehog Enterprise 2.2 is designed to monitor and protect against known and unknown database threats.

Columns in this issue