
Webinar - SOX Compliance and IT Controls

01/01/2012

Description: SOX-compliant IT controls can be implemented through the adoption of an externally validated, best-practice approach to information security: one that provides a single, coherent, multi-layered, channel-specific framework enabling simultaneous compliance with multiple regulatory requirements. Multi-layered technology approaches are, therefore, the solutions to which organizations are increasingly turning.

Historically, there have been a number of such frameworks to which organizations could turn. The recent emergence of an official, integrated framework containing CobiT, ITIL and ISO 17799 offers business leaders an outstanding opportunity to import coherence into an otherwise sometimes fragmentary operational IT environment.

Areas Covered in the Session
  • Current and future governance and compliance requirements
  • The role of enterprise risk management
  • Linkages and similarities between state, national and international regulations
  • Why the traditional approach to regulatory compliance no longer works
  • Business risks arising from legal contradictions, overlaps and loopholes
  • Scale and impact of regulatory failure on corporate brand, market position and share value
  • Key governance requirements of directors
  • Role of best practice frameworks
  • Linkage between compliance requirements and best practice frameworks
  • Background and history of CobiT, ITIL and ISO 17799 - similarities and differences
  • Importance of the CobiT/ITIL/ISO17799 joint framework
  • Benefits of deploying this best practice framework
  • Critical success factors in deploying this framework
What will Attendees Learn
  • They will get a thorough overview of the governance and compliance requirements faced by today's organizations
  • They will understand current and future regulatory requirements, within a broad governance context
  • They will be able to articulate the risks faced by their organizations and identify appropriate strategies for mitigating those risks
  • They will understand the background to and nature of best practice frameworks
  • They will be able to effectively deploy the new, integrated best-practice framework
Who Will Benefit
This seminar will benefit
  • Board members
  • Company directors
  • Non-executive directors
  • C-suite officers
  • Senior managers in all disciplines
  • Governance and compliance professionals
  • IT managers
  • Risk managers
  • The staff of those functions

Anyone interested in governance and regulatory compliance, whether as an adviser, manager, employee or individual subject to its requirements, will get value from this seminar.

Instructor Profile
Alan Calder is an international authority on IT governance and information security management. He is the author of IT Governance: Guidelines for Directors, and IT Governance Today: a Practitioner's Handbook. He is the founder director of IT Governance Ltd (www.itgovernance.co.uk), and has consulted with a wide range of companies (including Cisco) on how to deploy best-practice frameworks to improve regulatory compliance and reduce compliance-related cost and risk profiles.

He led the world's first successful implementation of BS 7799, the information security management standard upon which ISO 27001 is based, and wrote the definitive compliance guide for this standard, IT Governance: A Manager's Guide to Data Security and BS7799/ISO17799. The 3rd edition of this book is the basis for the UK Open University's postgraduate course on Information Security.

He regularly blogs on IT governance and information security issues at http://alancalder.blogspot.com.

Background
Organizations have traditionally responded to regulatory compliance requirements on a law-by-law, or department-by-department basis. That was, last century, a perfectly adequate response. There were relatively few laws, compliance requirements were generally firmly established and well-understood, and the jurisdictions within which businesses operated were well-defined.

Over the last decade, all that has changed. Rapid globalisation, increasingly pervasive information technology, the evolving business risk and threat environment, and today's governance expectations have, between them, created a fast-growing and complex body of laws and regulations - such as HIPAA, SOX, GLBA, EU Privacy and Data Protection Directives, and Turnbull - that impact the organization's IT systems. While global companies are in the forefront of finding effective compliance solutions, every organization, however small, in whatever industry, and anywhere in the world, is challenged by the same broad range of state, federal, national and international regulatory requirements.

These regulatory requirements focus on the confidentiality, integrity and availability of electronically held information, and primarily - but not exclusively - on personal data. Many of the new laws - such as SB 1386, OPPA, the EU Safe Harbor regulations, EU Directives, Basel 2, etc. - appear to overlap; not only is there very little established legal guidance as to what constitutes compliance, but new laws and regulatory requirements continue to emerge. Increasingly, these laws have a geographic reach that extends to organizations based and operating outside the apparent jurisdiction of the legislative or regulatory body.

In the face of new, blended, complex and evolving threats to their data, organizations have business and regulatory obligations to protect, maintain and make data available when it is required. They have to do this in an uncertain compliance environment where the rewards for success don't grab headlines, but the penalties for failure do.

Fines, reputation and brand damage and, in some circumstances, jail time for directors are outcomes that every business wants to avoid. And organizations want to do more than simply avoid these risks; they want to reduce the cost and disruption of multiple compliance initiatives, and they want to minimise the impact on customer-focused business operations. Some organizations want to go further than this, and look to get positive business returns from their investment in closing information loopholes and improving the security of their information systems.

The way to do this is through the adoption of an externally validated, best-practice approach to information security: one that provides a single, coherent, multi-layered, channel-specific framework enabling simultaneous compliance with multiple regulatory requirements. Multi-layered technology approaches are, therefore, the solutions to which organizations are increasingly turning. Historically, there have been a number of such frameworks to which organizations could turn. The recent emergence of an official, integrated framework containing CobiT, ITIL and ISO 17799 offers business leaders an outstanding opportunity to import coherence into an otherwise sometimes fragmentary operational IT environment.
