IT Compliance and Controls: Best Practices for Implementation

Book description

IT Compliance and Controls offers a structured architectural approach, a 'blueprint in effect,' for new and seasoned executives and business professionals alike to understand the world of compliance: what the problems are, where they come from, and how to position your company to deal with them today and into the future.

Table of contents

  1. Copyright
  2. Preface
  3. Acknowledgments
  4. ONE. COMING OF AGE
    1. 1. Operating in an Interconnected Universe
      1. 1.1. THE INTEGRATED UNIVERSE
      2. 1.2. GLOBALIZATION
      3. 1.3. EMERGING MARKETS: IMPACTS OF INDIA AND CHINA
      4. 1.4. INTEGRATION
      5. 1.5. SEAMLESS SUPPLY CHAINS
      6. 1.6. GOVERNMENTS GONE WILD
        1. 1.6.1. Regulation Bubbles
        2. 1.6.2. Regulatory Evolution
        3. 1.6.3. Regulatory Leakage
        4. 1.6.4. The Rules are Changing
      7. 1.7. GLOBAL CITIZENRY
        1. 1.7.1. Financial Stability of Market Mandates
        2. 1.7.2. Stakeholders Scrutinize Operations
      8. 1.8. SUPERSIZED CHALLENGES
        1. 1.8.1. Culture Clash and Resolution
        2. 1.8.2. Ripple Effects and Death Spirals
        3. 1.8.3. Liability and Accountability
      9. 1.9. SUMMARY
    2. 2. How Technology Enables the World Market
      1. 2.1. PROCESS IMPROVEMENTS
      2. 2.2. MIRACLE OF CONNECTIVITY
    3. 3. Importance of IT Controls
      1. 3.1. VALUE: BEYOND "BECAUSE IT IS BEST"
      2. 3.2. INFORMATION SECURITY
      3. 3.3. INFORMATION ASSURANCE
      4. 3.4. IN THE END
  5. TWO. INFLUENCE AND EFFECTS
    1. 4. Death of Siloed IT Strategy
      1. 4.1. IT CONTROLS PERMEATE BUSINESS OPERATIONS
      2. 4.2. AGILE TECHNOLOGY CONTROLS
      3. 4.3. BALANCING BUSINESS OBJECTIVES
      4. 4.4. ACTION STEPS
    2. 5. A Regulated Environment
      1. 5.1. DEFINITION OF INTERNAL CONTROL
        1. 5.1.1. Commonality among International Expressions of Internal Control
      2. 5.2. REGULATORY ACTIVITY AND INTERNAL CONTROLS
      3. 5.3. GLOBALIZATION OF REGULATIONS
        1. 5.3.1. Federal Mandates
        2. 5.3.2. PCI DSS: Clear, Strict, Enforced
      4. 5.4. THE ENERGY SECTOR
        1. 5.4.1. We Only Notice It When It Is Gone
      5. 5.5. FINANCIAL INDUSTRY
        1. 5.5.1. Additional Mandates
    3. 6. The World Is Your Oyster of Resources and Guidance
      1. 6.1. A WORLD OF RESOURCES AND GUIDANCE
        1. 6.1.1. Implementer's Dilemma
        2. 6.1.2. Risk of Reactive Control Environment
        3. 6.1.3. Programs for Many Purposes
        4. 6.1.4. Global Library of Control Guidance
      2. 6.2. SUMMARY
    4. 7. Reality and Risks to IT Controls Being Effective
      1. 7.1. OVERVIEW
      2. 7.2. PERCEPTION BIAS
        1. 7.2.1. Shifting Focus
      3. 7.3. INHERENT CONTROL WEAKNESSES
      4. 7.4. PERSPECTIVES OF MANAGEMENT, AUDIT, AND IT
  6. THREE. IMPLEMENTATION
    1. 8. Enterprise Risk Analysis
      1. 8.1. IDENTIFYING RISK-BASED CONTROLS
        1. 8.1.1. Identify Strategic IT Controls
        2. 8.1.2. Inherent Technology Risks
      2. 8.2. CONVERGE MANDATES
        1. 8.2.1. Place a Stick in the Sand
        2. 8.2.2. Value and Importance
        3. 8.2.3. Considerations and Contrarian Views
        4. 8.2.4. Progress through Iterations
      3. 8.3. RISK-BASED CONTROLS: FILTER AND PRIORITIZE
        1. 8.3.1. Risk and Opportunity
        2. 8.3.2. Identifying Your Most Important Assets
      4. 8.4. RISK-BASED CONTROLS: CURRENT STATE
        1. 8.4.1. Context
        2. 8.4.2. Evaluating the Current Posture
        3. 8.4.3. Organizational Benefits
        4. 8.4.4. A Process, Not a Project
    2. 9. Principle 1: Strategy Orchestration
      1. 9.1. PRINCIPLES OVERVIEW: CONCEPT AND APPROACH
      2. 9.2. GLOBAL PRINCIPLES
      3. 9.3. PRINCIPLE 1: TECHNOLOGY STRATEGY ORCHESTRATION
        1. 9.3.1. Tone at the Top
        2. 9.3.2. Directional Alignment
        3. 9.3.3. Technology Governance
        4. 9.3.4. Policy and Procedures
        5. 9.3.5. Compliance
    3. 10. Principle 2: Life-Cycle Management
      1. 10.1. OVERVIEW
      2. 10.2. ACQUIRE AND SUPPORT
        1. 10.2.1. Business Impacts
        2. 10.2.2. Application
      3. 10.3. APPLICATION CONTROLS: CORRECT PROCESSING
        1. 10.3.1. Business Impacts
        2. 10.3.2. Application
      4. 10.4. SOFTWARE DEVELOPMENT
        1. 10.4.1. Business Impacts
        2. 10.4.2. Application
      5. 10.5. CHANGE CONTROL
        1. 10.5.1. Business Impacts
        2. 10.5.2. Application
      6. 10.6. COMPLIANCE
    4. 11. Principle 3: Access and Authorization
      1. 11.1. OVERVIEW
      2. 11.2. LOGICAL ACCESS
        1. 11.2.1. Business Impacts
        2. 11.2.2. Application
      3. 11.3. PHYSICAL ACCESS
        1. 11.3.1. Business Impacts
        2. 11.3.2. Application
      4. 11.4. HUMAN RESOURCES
        1. 11.4.1. Business Impacts
      5. 11.5. COMPLIANCE
    5. 12. Principle 4: Sustain Operations
      1. 12.1. OVERVIEW
      2. 12.2. OPERATIONS RESILIENCY
        1. 12.2.1. Business Impacts
        2. 12.2.2. Application
      3. 12.3. ENVIRONMENTAL SAFEGUARDS
        1. 12.3.1. Business Impacts
        2. 12.3.2. Application
      4. 12.4. COMPLIANCE
        1. 12.4.1. Business Resiliency
        2. 12.4.2. Environmental
    6. 13. Principle 5: Security and Assurance
      1. 13.1. OVERVIEW
      2. 13.2. RISK AWARENESS
        1. 13.2.1. Business Impacts
        2. 13.2.2. Application
      3. 13.3. TRUSTED COMPUTING PLATFORM/SYSTEM CONTROLS
        1. 13.3.1. Business Impacts
        2. 13.3.2. Application
      4. 13.4. TRUSTED COMMUNICATIONS AND NETWORK
        1. 13.4.1. Business Impacts
        2. 13.4.2. Application
      5. 13.5. MONITORING AND PERFORMANCE REVIEWS
        1. 13.5.1. Business Impacts
        2. 13.5.2. Application
      6. 13.6. INCIDENT RESPONSE CAPABILITY
        1. 13.6.1. Business Impacts
      7. 13.7. COMPLIANCE
        1. 13.7.1. Risk Awareness
        2. 13.7.2. Trusted Computing Platform
        3. 13.7.3. Trusted Communications and Network
      8. 13.8. MONITORING AND PERFORMANCE REVIEWS
  7. FOUR. LOOKING FORWARD
    1. 14. This is Not the End
      1. 14.1. BRINGING IT ALL TOGETHER
      2. 14.2. FIVE PRINCIPLES
        1. 14.2.1. Development of the Five Principles
        2. 14.2.2. Summary of Principles
        3. 14.2.3. Challenges and Caveats
      3. 14.3. REFLECTION ON INFORMATION TECHNOLOGY INTERNAL CONTROLS
        1. 14.3.1. Evolution of Internal Technology Controls
        2. 14.3.2. Trends
    2. 15. Building a System of IT Compliance and Controls
      1. 15.1. GETTING STARTED
      2. 15.2. PITFALLS
        1. 15.2.1. Business/Technology Disconnect
        2. 15.2.2. Avoiding Real and Imagined Red Tape
        3. 15.2.3. Watch for Complacency
      3. 15.3. OPPORTUNITIES
        1. 15.3.1. People Power
        2. 15.3.2. Audit Opportunity
        3. 15.3.3. Redefining IT
      4. 15.4. OBJECTS IN MIRROR ARE CLOSER THAN THEY APPEAR
      5. 15.5. OPTIMIZATION
      6. 15.6. LONGEVITY AND VITALITY: THE NEXT 100 YEARS
      7. 15.7. FINAL THOUGHTS
  8. Supportive Publications
  9. List of Acronyms

Product information

  • Title: IT Compliance and Controls: Best Practices for Implementation
  • Author(s): James J. DeLuccia
  • Release date: April 2008
  • Publisher(s): Wiley
  • ISBN: 9780470145012