For enterprise professionals charged with security, auditing and internal IT controls, "getting better" at compliance is all about continuous process improvement. Process, in this sense, is an intelligent mixture of technology adoption/use, improvements in corporate governance and more granular IT policy and procedure. This lesson explores essential practices and tools for "going forward."
Webcast: Raising the bar on compliance success
By now, most enterprises have established baselines for reporting on foundational IT controls. They've also leveraged control frameworks and resident technologies to assist in logging, auditing and reporting. The next milestone is to "raise the bar" on how this information and data is collected and managed -- using fewer resources to achieve better results. This webcast provides a technical and procedural guideline for getting there.
Technical article: How compliance control frameworks ease risk assessment burdens
Having difficulty mapping out how to use COBIT and ISO 17799 -- together or individually? This technical article can help. Guest instructor Richard Mackey examines how to determine accountability paths and key stakeholders and reveals how taking a structured, cyclical approach can add logic and sanity to the compliance mapping process.
Podcast: Top 5 questions to ask when shopping for compliance products
Many vendors are positioning their products as compliance offerings, but when should you focus on fine-tuning your existing architecture and when is it time to buy? And when it is time, what should you keep in mind? In this podcast, Richard Mackey counts down the top five questions that organizations should ask when preparing to purchase a compliance-related product.
Quiz: Get better as you go forward
Take this 5-question quiz to assess whether you know how to get better as you go forward.
About the Instructor:
Richard Mackey, ISACA, CISM, Vice President, SystemExperts, is regarded as one of the industry's foremost authorities on distributed computing infrastructure and security. He has advised leading Wall Street firms on overall security architecture, virtual private networks, enterprise-wide authentication, and intrusion detection and analysis. He also has unmatched expertise in the OSF Distributed Computing Environment. Prior to joining SystemExperts, Mackey was the director of collaborative development for The Open Group (the merger of the Open Software Foundation and X/Open), where he was responsible for the integration of Microsoft's ActiveX Core with DCE and DCE Release 1.2. Mackey is an original member of the DCE Request For Technology technical evaluation team and was responsible for the architecture and defining the contents of DCE Releases 1.1 and 1.2. He has been a frequent speaker at major conferences, including Information Security Decisions, and has taught numerous tutorials on developing secure distributed applications.