Thursday, November 29, 2007

Technology News: ID Security: Data Breaches More Expensive Every Year

A recent report released by PGP Corp has found that the cost of data breaches is growing. The study also finds that the number of breaches by third-party organizations has been growing significantly. There are clear lessons here for IT control systems. Companies need to tighten up their controls over both their home systems and their outsourced systems.

Tuesday, November 27, 2007

Insecure About Security - Security - CFO.com

While technology for security detection and prevention is improving, companies cannot rely on technology too much. They still need to have best practices in place for their systems, from well-designed business processes to solid security administration. The stronger technology can only augment the security provided by solid IT systems practices.

Monday, November 26, 2007

Securing the Laptop: Mission Impossible?

Mobile devices in general and laptops in particular represent the weakest link in business systems. They are constantly in the news because of the loss of mobile units that have private or sensitive information in them. Encryption is the obvious answer, or a big part of the answer, and enterprises need to pay more attention to encryption techniques and put more resources into their implementation.

Saturday, November 24, 2007

Is security software becoming a security risk?

Companies and their auditors rely heavily on security software of various kinds, including anti-virus software. However, it is noteworthy that anti-virus software, to be effective, must open and scan data very quickly and in all kinds of formats. This means that there is the potential for hackers to exploit this capability where there are not adequate safeguards in place within the software.

Thursday, November 22, 2007

Journal Online - Online Exclusive Articles

The Journal Online of ISACA contains a recent article of interest to both management and auditors. It is "One of today's Most Overlooked Security threats - Six Ways Auditors Can Fight it." The article identifies this threat as IT staff, and then goes on to identify ways to deal with this threat. This is one of the more difficult challenges auditors face, as the level of IT sophistication of IT staff is high and their methods can be arcane. (Available to ISACA members only)

Tuesday, November 20, 2007

Accenture Helped Deutsche Telekom Improve its Financial Data Management

The case referenced in this entry outlines how Accenture helped Deutsche Telekom to integrate its data within its financial system using ERP. It's an old story with a modern flavour.

Monday, November 19, 2007

COBIT Mapping: Mapping of TOGAF 8.1 With COBIT 4.0

ISACA's website contains a mapping of COBIT, its IT process and control framework, with TOGAF, a methodology and tools for enterprise architecture developed by the Open Group based on the US Department of Defense Technical Architecture Framework for Information Management. The mapping is available for free download to ISACA members.

Thursday, November 15, 2007

globeandmail.com: There's no single answer to securing online banking

The search for good security in internet applications has been a long and continuing one. Internet banking is a prime example of a high-risk application needing strong security. Lately, the banks have been moving to multi-factor authentication, which involves authenticating users by using a variety of different methods, such as passwords and questions about private matters. It's a technique likely to become more prevalent in a variety of applications.

Wednesday, November 14, 2007

E-Commerce News: SOA: Simplifying E-Commerce With SOA for Payments

Service Oriented Architecture (SOA) has been used in recent years for several purposes related to e-commerce systems, most recently with an emphasis on payment systems. This article provides a good description of SOA and how it might fit into a system.

Monday, November 12, 2007

14th World Continuous Auditing

The 14th World Continuous Auditing and Reporting Symposium was held at Rutgers University on Nov 2 and 3, 2007. The presentations for that important event can be downloaded at the following site: 14th World Continuous Auditing

Saturday, November 10, 2007

IFAC - Risk Based Internal Control

IFAC has released a paper which is comprised of interviews with C-Suite Officers from several major corporations discussing the issues around risk-based internal controls. It is a part of IFAC's continuing work on this subject and is available for free download at:
http://www.ifac.org/Members/DownLoads/Internal_Control_from_a_Risk-based_Perspective_August_2007.pdf

Tuesday, November 6, 2007

E-Commerce News: Security: IBM Places $1.5B Bet on Security Push

IBM has announced plans to spend $1.5 billion during 2008 to beef up its security offerings. It is keeping pace with the competition, notably Microsoft and Cisco, who have been placing an increased emphasis on security. With a growing tendency among enterprises to integrate the internet into business systems, particularly through the use of mobile devices, security has become a very hot topic in systems development and management.

Friday, November 2, 2007

ISO 17799 -- it's a control, not a standard

In this quite thorough commentary on ISO 17799, now ISO 27002, the author points out that it is not a standard but rather a set of recommendations. While this may be splitting hairs - 17799 was set out as a set of best practices - nevertheless, the analysis is interesting and useful as it includes suggestions as to how to implement the - uh - standard.