Internationaal

Prevent Data Breaches Using the Security-related Management Practices of COBIT 5

With security and privacy of information systems (IS) being key top 10 issues for IS executives since 2003, organizations have invested heavily on technical aspects of IS security and, to some extent, on compliance mechanisms with mixed success, as is evident from the growing number of attacks on organizational IS.

Data breaches (from external and internal sources), intrusions into organizational networks, and pilferage and destruction of sensitive information through network hacking have put a heavy burden on organizations in terms of investing in IS security defenses and compliance. Although organizations have numerous industry standard choices available to them for implementing technical IS security, choosing IS security governance compliance frameworks is subjective.

Read more: Prevent Data Breaches Using the Security-related Management Practices of COBIT 5

Source: isaca.org

Information Economics: Making the Case for a Modern Retention Schedule

Let’s assume you are convinced by my recent ISACA Journal article to create a modern, transparent and executable retention schedule that is based on COBIT principles and meets the needs of your information stakeholders. The next step is convincing the rest of your executive team. To build a strong case, many organizations focus on improving their overall information economics. Think of it this way… By “economics,” we typically mean analyzing the production, distribution and consumption of goods and services. Information economics, then, is analyzing the production, distribution and consumption of information to ensure that the value derived from it is greater than the total cost of producing, distributing and consuming it.

Read more: Information Economics: Making the Case for a Modern Retention Schedule

Source: isaca.org

Cracking the Code to Business Benefits With Identity and Access Management

As part of my client visits as an IT transformation consultant, I regularly come across executives who question the value of an identity and access management (IAM) solution for their organization. They wonder if it is just adding another tool to the already complex infrastructure into which they are trying to attain visibility. I then ask them what their objectives are for the next 5 years and the answer is consistently:  better business alignment through adoption of agile and flexible IT models, cost savings, improved compliance performance against standards and regulations during audits, countering security threats, and differentiating themselves from competitors. Once these objectives are laid out, all that is required is 5 minutes of discussion around the key traits of an industry-leading IAM solution to bring them to the realization that it could enable the organization to achieve its objectives.

Read more: Cracking the Code to Business Benefits With Identity and Access Management >

Source: isaca.org