An Information Security and Compliance Risk Management Framework
This presentation discusses information security and compliance risk management – what is it? why do it? – and introduces a framework to implement it in the healthcare industry.
The “Compliance” category is a curated collection of resources, articles, and information focused on the various aspects of IT compliance within organizations. This section of our CIO Reference Library provides valuable insights for CIOs, IT executives, and other decision-makers seeking to understand, establish, and maintain compliance with relevant regulations, industry standards, and best practices within their IT function.
IT compliance is critical for organizations to ensure that their technology systems, processes, and data management practices adhere to applicable legal, regulatory, and industry requirements, ultimately mitigating risks and protecting the organization’s reputation.
The Compliance category offers valuable insights and guidance for IT leaders seeking to understand, establish, and maintain compliance with relevant regulations, industry standards, and best practices within their IT function. By leveraging the knowledge and resources shared within this category, IT professionals can effectively manage compliance risks, protect their organization’s reputation, and ensure the ongoing success and resilience of their technology systems and processes.
This presentation provides an overview of Statement on Auditing Standards No. 70 (SAS 70) – what is a SAS 70 report? what is the terminology used? how is a SAS 70 audit performed? what are the key considerations? how should a SAS 70 report be used and evaluated?
Dive into this guide for a thorough understanding of auditing IT system configurations, focusing on standardized approaches, audit objectives, and test methodologies.
This presentation defines and clarifies the role, mission and charter of the internal audit function, then describes its reporting structure and relationships with key stakeholders. It discusses best practices for executive reporting, risk assessment, audit life cycle and methodology, and how to perform risk-based and computer-assisted audits.
This presentation discusses change management – definition, significance, types – change management controls, the impact of weak change management controls and best practices in change management along the software development life cycle (SDLC).
This presentation discusses concepts, best practices, business case, and implementation guidelines for continuous auditing. It presents a case study to depict the practical application of these concepts.
This paper provides an overview of computer audit – what are the main activities in conducting a computer audit and what is the role of the computer auditor?
This presentation provides a primer on virtualization and discusses what to know about virtualization from an IT audit perspective – what is virtualization? what are the issues? what is a reasonable, “audit-ready” secure reference architecture?
This excellent presentation provides an overview of information technology audit for the non-auditor. It starts with the basics – what is an IT audit? – then establishes a baseline of key terms and concepts, covers automated controls and the difference between financial and IT controls, dispels common myths, and explains how to test common IT controls.
This presentation discusses data analytics in the context of internal audit – what is data analytics? how to create sustainable data analytics? what are some advanced data analytics techniques such as visualization? what are the principles of data analytics?