IT Compliance Articles
Articles from industry thought leaders and software providers on a wide variety of IT Compliance and Governance related topics.
|
|
Written by Phil Wilson
This two-part series is aimed at business executives, compliance professionals, auditors, security professionals, process-improvement champions and program office leaders. It will also interest consultants across a wide range of governance, risk and compliance (GRC) and other business and technology specialty areas, whether they work as freelancers or for small, medium-sized, large or global mega-consultancies. Help-desk and technical support-center professionals will also benefit by readying their organizations for the looming GRC-support crisis at the doorsteps of companies worldwide. Support-desk roles and responsibilities lie at the heart of what’s covered in this article and the one coming next quarter.
|
|
|
Written by Jorge Rey
Identity theft increased more than 50 percent between 2003 and 2006, according to a Gartner Group study (1) released in March, with approximately 15 million Americans victimized in a twelve-month period ending in mid-2006. It's one of the fastest-growing crimes in America and, if you've been a victim, you know just how painful it can be.
As a business owner, you may be contributing to this epidemic. Under new laws already enacted and more in the works, you may be held responsible.
|
|
|
Written by Bob Aiello
Many organizations invest considerable resources in implementing IT Governance and compliance frameworks in order to comply with regulatory requirements such as section 404 of the Sarbanes-Oxley Act of 2002. The ISACA Cobit 4.1 framework is one of the leading tools used to manage and improve IT controls. Many managers find it difficult to ascertain and understand exactly what needs to be done in order to achieve compliance. This article explains the process for analyzing and implementing the description of an IT control. Every organization must follow the advice and counsel of its own professional legal, audit and compliance experts. However, managers also need to be able to understand exactly what the controls mean and require in order to go beyond simply meeting the letter of the law (and actually realize improved productivity and quality). Read on if you would like to turn your compliance effort into your own process improvement initiative!
|
|
|
Written by Ben Worthen
When Mead and Westvaco—the country’s two largest forest products and packaging companies at the time—merged in early 2002, Jim McGrane, then the vice president of process development at Mead, was promoted to CIO and assigned the unenviable task of standardizing the new entity—$7.2 billion MeadWestvaco—on a single SAP system. McGrane had started redesigning Mead’s order management and financial processes four years earlier, so it was natural this new job would fall to him. But something about the project didn’t sit right. Even though he was standardizing the processes the business would follow and providing users with a system that would enforce these new, more efficient processes, his own department was continuing to operate the same way it always had, following what was basically a collection of ad hoc practices. "There was no focus on process for IT," says McGrane. The contradiction was obvious: The group responsible for developing and enforcing a set of common business processes didn’t have a process of its own. Consequently, the IT department wouldn’t be able to hold itself to the same standards it was applying to the rest of the organization.
|
|
|
Written by S. Anantha Sayana
Every organization should have a business continuity plan that seeks to ensure that its information systems are available and running at all times to support and enable the business to function and grow. In spite of all precautions and preventive controls, disasters can occur. Some disasters cannot be controlled and/or prevented. In such cases, the business continuity plan should also enable recovery of information systems within an acceptable time frame to avoid any serious damage to the business.
|
|
|
Written by Richard Pastore and Lorraine Cosgrove Ware
As a CIO, you have more than enough responsibilities as chief technology strategist, vendor manager, Web overlord and security officer. Now, with the mandate to run the IT function like a business, you also have to be a CEO, planning and executing IT financial controls, marketing campaigns, HR strategies, customer service efforts and all the other disciplines that make a business run. There are probably hundreds of discrete practices that fall into these areas. We focused on more than 40 in our survey, "How to Run IT Like a Business," which was completed by more than 100 IT executives at companies hand-picked for their excellent IT reputations. But you don’t have to master all of these to do a credible job and capture the benefits. A handful of practices emerged as must-dos, common denominators for you to use as a foundation. And since respondents rated each practice in terms of its effectiveness and difficulty level, we’ve been able to draw conclusions about their relative return on investment. You can see at a glance in the following pages which practices will reward you more (or less) profitably for your effort.
|
|
|
Written by Murray Cantor and John D. Sanders
This article introduces an operational approach to IT governance, describing governance as an intentional activity with its own lifecycle and artifacts. The authors then describe a value-based approach to IT governance processes and a set of principles that IT organizations can adapt to realize the benefits of governance in their business setting.