IT World Canada

Being prepared and in control

Continuing last week's selections from my various columns for Jim Kaplan, this week I highlight resources that have a “governance” focus. In addition, I want to reinforce the importance of being prepared (e.g. implementing a security incident response capability) and being “in control” (i.e. we must have effective change management). It really is endless!

 

Have another great week.

 

Dan Swanson

 

Board Oversight of IT Is Needed

Traditionally, and rightfully so, the board has focused on governing the organization, that is, the board is ensuring the right CEO is in place, that the right business strategies have been developed, that performance is reported regularly and trending properly, and that the right questions are being asked of management. Nowadays, the board also needs to ensure that the organization's human resources are being positioned for future requirements, that digital information and assets are being appropriately protected, and that the organization is always progressing!

http://www.auditnet.org/articles/DSIA200706.htm

 

Performance Measurement and Reporting is a Silver Bullet!

Stephen Covey, author of The Seven Habits of Highly Effective People, and many others quite rightly recommend that when you start any kind of new project, you should begin with the end in mind. What does that involve? 1) Deciding where you want to be in the future (that is, what your “end state” will be); 2) Defining your key goals and objectives in getting there (to guide your various efforts along the way); and 3) Building and then implementing your plan to get there (the means to reach your desired end state).

 

This planning cycle works for all individuals, in both their professional and personal lives. It is even more important for organizations, where an understanding across the whole enterprise is vital in obtaining broad support across a workforce faced with numerous, and many times conflicting, priorities.  
http://www.auditnet.org/articles/DSIA200705.htm

 

Is Governance Effective Within Your Organization?
What dialogue is occurring within your organization regarding organizational governance? Is everyone on the same page regarding what organizational governance is and what we are trying to accomplish? I believe it's time for all stakeholders to discuss and agree to the many roles and responsibilities that are involved with organizational governance. See below for some leading resources to assist in your discussion.
http://www.auditnet.org/articles/DSIA200710.htm
 
Auditing Change Management
IT Compliance Institute has published a new IT Audit checklist covering Change Management. This paper, “IT Audit Checklist: Change Management,” supports an internal audit of the organization's change management policies in order to verify compliance and look for opportunities to improve efficiency, effectiveness, and economy. The paper includes advice on assessing the existence and effectiveness of change management in project oversight, development, procurement, IT service testing, and IT operations; guidance for management and auditors on supporting change management; and information on ensuring continual improvement of change management efforts.
http://www.auditnet.org/articles/DSIA200708.htm

 

Have you assessed your information security program lately?

Does your organization’s information security program reflect the business environment it operates in? Have you reviewed the latest guidance to improve your information security program? It's time to assess the improvement opportunities. Leading resources are available at the link below.
http://www.auditnet.org/articles/DSIA200712.htm

 

Creating a Computer Security Incident Response Team

Safeguarding assets has been an important objective of all organizations for centuries. Protecting an organization’s assets has evolved from mainly physical and personnel safeguards to a combination of physical, personnel, procedural, and software-based asset management that must be clearly and completely stated in the organization's policies, standards and guidance, and monitoring of asset values. With a high percentage of market value now accounted for by intangible assets such as intellectual property, reputation, brand, and electronic records, information continues to be (ever more so) a vital business resource.
http://www.auditnet.org/articles/DSIA200712.htm