SOX
Apr 16 2012
Biggering the IT (in the AudIT)
When I read the following two descriptions together, they sound like the business equivalent of Dr. Seuss:
“CISA is to Audit what CPA and CA are to Accounting” – ISACA
“The CITP credential […] focuses on information assurance and business insight required to bridge the gap between company management and the technology they leverage. The CISA credential strictly focuses on the skills and knowledge required to perform information systems audits.” – AICPA
The implicit perspective is that there is a clear bright line between the business and IT.
Sep 11 2009
Architecting for Compliance
Of all the words that make IT people cringe, "audit" has to be in the top ten. However, many companies today, especially those in the financial services and medical sectors, view successful compliance audits as THE critical success factor for their CIO. This is largely the result of a few high-profile cases of personal data loss due to hacking, and it may be nothing more than the concern du jour for IT managers. Nevertheless, IT architects need to be aware of the major compliance concerns for new applications, and should address those concerns in their designs.
At a high level, compliance auditors are going to be looking at six areas of your application architecture:
1) Access Control, which is a security concern that is normally considered in the architecture anyway.
2) Data Integrity, specifically the confidentiality of personal data belonging to customers
© 2011 CapTech Ventures, Inc. All Rights Reserved. Legal Notices.