Re: Where Do I Get My Controls?

18 Replies Last post: Nov 20, 2009 7:55 PM by MikeBailey
MaribelLeon   8 posts since
Nov 4, 2009
15. Nov 19, 2009 11:50 PM in response to: Ralph DeFrangesco
Re: Where Do I Get My Controls?

Yes, it does matter where controls are obtained. When choosing which controls to implement, organizations should focus on the greatest risks and work to mitigate them at the lowest cost with minimal impact on the company mission. In implementing controls, the organization should consider technical, operational, and management security controls. Increased corporate governance requirements have caused companies to analyze their internal practices to ensure that the proper controls are in place. Organizations are increasingly competing in the global marketplace, which is governed by multiple laws and supported by various organizational practices. Choosing which controls to implement should be in alignment with the mission of the business in order to provide the proper oversight to manage risks to the enterprise and keep them at an acceptable level. Processes within the established frameworks, such as ISO 17799, CobiT and HIPAA, support different aspects of confidentiality, integrity and availability.

MaribelLeon   8 posts since
Nov 4, 2009
16. Nov 19, 2009 11:57 PM in response to: Millie
Re: Where Do I Get My Controls?

Millie, I do agree that companies should acknowledge threats and focus on the best interest of the organizational system, and technical, operational, and management security controls should be considered. However, I also think that depending on the type of organization, certain frameworks may be more applicable or required to obtain controls from. Controls within these frameworks do overlap; that's why mapping controls can be helpful.

MikeBailey   6 posts since
Nov 6, 2009
17. Nov 20, 2009 7:44 PM in response to: Ralph DeFrangesco
Re: Where Do I Get My Controls?

It matters where you get your controls to an extent. Warrick was right: enough time and effort has been spent on creating proven controls, so as long as your controls come from a solid source such as ISO17799 and CobiT the company should be fine. When selecting controls from these sources, the company just needs to re-evaluate their effectiveness when associated with the specific workings of their company. These controls are already evaluated in terms of cost and man-hours, but they need to be reviewed again to make sure the impact they have on everyday working practices is acceptable.

MikeBailey   6 posts since
Nov 6, 2009

I think Royce makes a great point when he says that these controls will not always prevent disaster from striking but will protect the company from any ensuing fines or lawsuits. When I used to work for a credit card processing company, certain controls that were implemented were actually enforced more to avoid fines and lawsuits than to actually protect the card holders. When the controls and policies were explained to employees at my company, it was made clear that while these standards were created to protect the card holders, our company's appearance and reputation were ultimately more important.
