This posting is about learning from best practice guidance and leading papers and studies that have been published by a diverse group of organizations.
1. The GAO web site is one of my favorite places to visit for IT and IT Security guidance, although their research effort is much, much broader than just these two activities.
2. The IIA is funding a long-term effort to develop a series of global technology audit guides, which are useful to both auditors and IT practitioners. The GTAGs are published only after an extensive review process is completed.
3. Finally, while people are either very for or very against Wikipedia as a source of good information, visiting this repository periodically can be useful. This week I highlight its efforts regarding information technology governance.
Good luck and have another great week.
Dan Swanson
Dswanson_2005@yahoo.com
1. The U.S. Government Accountability Office (the GAO)
The Government Accountability Office (GAO) is an agency that works for Congress and the American people. Congress asks GAO to study the programs and expenditures of the federal government. GAO, commonly called the investigative arm of Congress or the congressional watchdog, is independent and nonpartisan. It studies how the federal government spends taxpayer dollars and advises Congress and the heads of executive agencies about ways to make government more effective and responsive. www.gao.gov
Leading best practice guidance on various management practices - http://www.gao.gov/aac.html
Leading IT and IM guidance - http://www.gao.gov/special.pubs/cit.html
2. Global Technology Audit Guide (GTAG)
The Institute of Internal Auditors (The IIA) is producing a series of publications with guidance on information technology. Written primarily for the chief internal audit executive (CAE) and audit supervisors, the guides address concerns of the board of directors and chief-level executives. Each Global Technology Audit Guide (GTAG) is written in straightforward business language to address timely issues related to information technology management, control, or security. GTAG is a ready resource series for chief audit executives to use in the education of members of the board and audit committee, management, process owners, and others regarding technology-associated risks and recommended practices. http://www.theiia.org/guidance/technology/gtag/
3. Information technology governance - From Wikipedia
IT governance, or ICT Governance, is a subset discipline of Corporate governance focused on information technology systems and their performance and risk management. The rising interest in IT governance is partly due to compliance initiatives (e.g. Sarbanes-Oxley (USA) and Basel II (Europe)), as well as the acknowledgement that IT projects can easily get out of control and profoundly affect the performance of an organization. http://en.wikipedia.org/wiki/Information_technology_governance
4. "Internet & Computer Ethics for Kids (and Their Parents & Teachers Who Haven't Got a Clue)" written by Winn Schwartau.
This important book (for keeping your kids safe) is at:
http://www.thesecurityawarenesscompany.com/chez/chez.php
5. Security Absurdity: The Complete, Unquestionable, And Total Failure of Information Security.
A long-overdue wake-up call for the information security community by Noam Eppel. http://www.cio.gov.bc.ca/prgs/InformationSecurityPolicy.pdf