- Bank Web sites full of security holes
- SCO Group: Its future is all used up
- Maligned feature being added to IPv6
- I returned my iPhone 3G after six days!
- VPNs: Six burning questions
News | Newsletters | Podcasts | Chats | Opinions | RSS Feeds | This Week In Print | IT Careers | Community | Reports | Downloads | Slideshows | New Data Center
Partner Sites:App Performance | On Demand Security | Networking Solution | SOA | Value of WDS
Dan Swanson has been working in internal audit for more than 24 years and provides an excellent free newsletter that some readers of this column will find valuable.
His brief newsletter concentrates on IT governance and often includes security-related topics. For example, his Oct. 17 issue pointed to a good book on project investment governance and reporting; concisely introduced a Web page with ISO 27001 security standards compliance information; alerted readers to a new series of podcasts from the Computer Emergency Response Team Coordination Center; and published abstracts of several interesting articles on corporate governance and risk management (for example, this article).
Readers may go here to join Dan’s mailing list. You must have or create a free Yahoo Groups ID for successful registration.
There’s a collection of Dan’s auditing-related papers in his columns from _Compliance Week_. Although a full subscription will appeal primarily to professional auditors (it costs $999 a year), there is a 30-day free subscription available that includes weekly e-mail newsletters, one issue of the print magazine and free access to the archives.
Dan will be giving a Webinar on Nov. 14 at 11 a.m. PST (2p.m. EST); the $249 registration free provides access to a live lecture and presentation on auditing compliance and ethics programs. Topics include:
* Audit scope
* What is the goal?
* Planning efforts
* The general audit steps
* Audit risk assessment
* Audit objectives
* Audit approach
* What auditors like to see
* Audit testing
* Issues to watch out for
* Other considerations
* The audit report
Full details of the Webinar are available online.
On the same topic, Dan has written an 88-page white paper that is available free and without registration. Entitled “Internal Audit Guide: Evaluating a Compliance and Ethics Program,” the draft report from the Open Compliance and Ethics Group (OCEG) includes an executive overview (PDF file pages 10-12) that summarizes key points:
“The purpose of the Guide is to support more effective implementation of existing compliance and ethics programs, the objectives of which are to:
* Provide assurance to the board and management that compliance and ethics programs are designed effectively and operating
as designed.
* Identify opportunities for improvement.
* Reinforce and support self-assessment efforts that have been completed, and promote a continuous improvement philosophy
within the organization.
If the IT manager is knowledgeable regarding Cisco technology, he would have 2 options. Option 1 - Consult...- Anonymous
Partner Content
Brilliantly simple security and control solutions for email, web and endpoint
www.sophos.com
Stopping data leakage
Learn how to exploit your current security investment to control the information that flows into, through and out of your network.
Download the white paper.
Why detection rates aren't enough
Evaluating endpoint security products is a time-consuming and daunting task. Learn the six critical questions you need to ask to prospective vendors to get the right endpoint solution.
Download the white paper.
Unauthorized applications: Taking back control
Employees installing and using unauthorized applications like IM, VoIP, games and peer-to-peer file-sharing applications cause many businesses serious concern. How do you control these applications?
Download the white paper.
Comment