Monday, December 3, 2007

FBI's Bot Roast II

FBI's 'Bot Roast II' Leads To Alleged New Zealand Mastermind
(Information Week: November 30, 2007)
http://www.informationweek.com/news/showArticle.jhtml?articleID=204400444&cid=nl_IWK_daily

Saturday, January 13, 2007

Why Information Risk Management & Audit?

Information is what drives the modern information society.
The quality of information determines the quality of the decisions that affect corporate and personal lives in this information age. The timeliness and quality of decisions based on quality information determine the effectiveness and success of organizations and corporations.

Information technology today drives information processing and helps to process voluminous information faster and more effectively.
Though technology is beneficial, the risks associated with technology, and with information itself, make risk management important for the effective use of information and for the survival and success of organizations and corporations, as well as of individuals.

Risk management today is a business issue, not a technology issue, and cannot be relegated to technology managers alone.

Because of the importance of information risk management, legislators have stepped in to regulate the use and transfer of information and access to it, particularly personal and financial information. Risk management therefore has the added responsibility of ensuring that corporations and organizations comply with an ever-increasing number of regulations: Sarbanes-Oxley, HIPAA, the Gramm-Leach-Bliley Act, FISMA, Basel II, etc.

A number of national and international standards, such as ISO 17799, ISO 27001 and the PCI Standards, have also been developed by various standards-setting institutions. Information risk managers therefore need to implement these standards in organizations and corporations.

While information risk professionals implement processes and technologies to help manage risks, information systems auditors audit systems and organizations to certify the effectiveness of the controls that mitigate those risks.

Certifications in this area, such as CISSP, CISA and CISM, and vendor-based certifications help to develop professionals to manage information security and audit.

The purpose of this blog forum is to elicit ideas and views from interested persons on these vital areas of information risk management and audit.

-Joseph Ponnoly, MBA, MSc, CISM, CISA, CISSP