Most entities actively seek to maximize stakeholder return on investment and foster superior customer relations to sustain the justification for their creation. With information technologies considered indispensable to providing processing efficiency, communication expediency and information reliability for stakeholders, entities need to adequately safeguard information assets because they have measurable value. Management typically requires a governance framework that enables organizational alignment, judicious resource allotment, risk management, value delivery and performance measurement to accomplish this security necessity.
Why Should You Attend:
Information and associated technologies continue to advance toward diverse distributed configuration environments for entering, processing, storing, and retrieving data. The magnitude of changes occurring reflects the explosion of linked IT infrastructures connected to cloud computing service providers and mobile computing devices. Consequently, the impact of such decentralization has increased the need for effective safeguarding of information assets.
Paraphrasing from Title 44, Chapter 35, Subchapter III, Section 3542(b)(1) of the United States Code, the term "information security" is defined as the protection of information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction. Correspondingly, information security is typically a complex and dynamic safeguarding subject. Given the descriptive attributes normally associated with information security, IT auditors usually have a vast array of sub-topics to contemplate when performing information assets protection (IAP)-related audits, reviews, or agreed-upon procedures.
Information security design, deployment, and assurance require dedication to continuous improvement to ensure optimum effectiveness and efficiency. Confirmation of compliance with legislation, regulations, policies, directives, procedures, standards, and rules enables asserting 'superior' information security governance (ISG). Nonetheless, monitoring and evaluating the current state of implemented controls may take a variety of forms, including control self-assessments and IT audits. Furthermore, an IT auditor may not be the individual who executes an entity's information security internal control review (ICR). However, an IT auditor may subsequently assess an ICR for effectiveness and/or efficiency. In the regulatory arena, a negative finding, coupled with prompt corrective actions, can mitigate civil and criminal enforcement penalties, thereby potentially reducing or avoiding legal risks.
Areas Covered in the Session:
Who Will Benefit:
Robert E. Davis, MBA, CISA, CICA (an invited Golden Key International Honour Society member), obtained a Bachelor of Business Administration degree in Accounting and Business Law and a Master of Business Administration degree in Management Information Systems from Temple and West Chester University, respectively. In addition, during his twenty years of involvement in education, Robert acquired Postgraduate and Professional Technical licenses in Computer Science and Computer Systems Technology.