
Re: Where Do I Get My Controls?

18 Replies. Last post: Nov 20, 2009 7:55 PM by MikeBailey

MaribelLeon, 8 posts since Nov 4, 2009
15. Nov 19, 2009 11:50 PM in response to: Ralph DeFrangesco
Re: Where Do I Get My Controls?

Yes, it does matter where controls are obtained. When choosing which controls to implement, organizations should focus on the greatest risks and work to mitigate them at the lowest cost with minimal impact on the company mission. In implementing controls, the organization should consider technical, operational, and management security controls. Increased corporate governance requirements have caused companies to analyze their internal practices to ensure that the proper controls are in place. Organizations are increasingly competing in the global marketplace, which is governed by multiple laws and supported by various organizational practices. Choosing which controls to implement should be in alignment with the mission of the business in order to provide the proper oversight to manage risks to the enterprise and keep them at an acceptable level. Processes within the established frameworks, such as ISO 17799, CobiT and HIPAA, support different aspects of confidentiality, integrity and availability.

MaribelLeon, 8 posts since Nov 4, 2009
16. Nov 19, 2009 11:57 PM in response to: Millie
Re: Where Do I Get My Controls?

Millie, I do agree that companies should acknowledge threats and focus on the best interest of the organizational system, and that technical, operational, and management security controls should be considered. However, I also think that depending on the type of organization, certain frameworks may be more applicable, or required, to obtain controls from. Controls within these frameworks do overlap; that's why mapping controls can be helpful.

MikeBailey, 6 posts since Nov 6, 2009
17. Nov 20, 2009 7:44 PM in response to: Ralph DeFrangesco
Re: Where Do I Get My Controls?

It matters where you get your controls to an extent.  Warrick was right, enough time and effort has been spent on creating proven controls so as long as your controls come from a solid source such as ISO17799 and CobiT the company should be fine.  When selecting controls from these sources, the company just needs to re-evaluate their effectiveness when associated with the specific workings of their company.  These controls are already evaluated in terms of cost and man-hours but they need to be reviewed again to make sure the impact they have on everyday working practices is acceptable.

MikeBailey, 6 posts since Nov 6, 2009
Re: Where Do I Get My Controls?

I think Royce makes a great point when he says that these controls will not always prevent disaster from striking but will protect the company from any ensuing fines or lawsuits. When I used to work for a credit card processing company, certain controls that were implemented were actually enforced more to avoid fines and lawsuits than to actually protect the card holders. When the controls and policies were explained to employees at my company it was made clear that while these standards were created to protect the card holders, our company's appearance and reputation was ultimately more important.
