Art of Information Security

Random Insights on Protecting Data, Privacy, and Digital Infrastructure

Art of Information Security Episode 002: GTAGs and Safe Harbors


GTAGs

The Institute of Internal Auditors has been releasing a white paper series on issues related to IT Risk Management and Information Security. The papers are titled GTAGs, an acronym for Global Technology Audit Guidance. The project is very ambitious: it tries to break down major technical topics, the IT risks associated with them, and the available controls into a concise format accessible to senior risk executives.

Of the nine that have been released to date, several caught my eye. Here are the ones I would like to highlight:

  • Auditing Application Controls
  • Change and Patch Management Controls
  • Identity and Access Management
  • Information Technology Outsourcing
  • Managing and Auditing Privacy Risks
  • Managing and Auditing IT Vulnerabilities

You can find the library of papers at The IIA’s GTAG portal. New materials are released regularly.

In Other News…

Earlier this month I participated in a webinar titled “Getting More Encryption for Less”. At the end of the call there were a few interesting questions during the Q&A session, one of which I wanted to recap here…

Question: Will Federal Privacy Regulations include Cryptography Standards for “Safe Harbors”?

  • Discuss what a Safe Harbor is, using California Security Breach Information Act (SB-1386) as an example
  • Introduce NIST, FIPS, and FIPS 140-2

Cheers, Erik

Categories
News and Info, Podcast
Tags
Encryption, FIPS 140-2, GTAG, NIST
Creative Commons License