IS SECURITY AUDITING
To many, financial audits and auditing make complete sense. We need an outside,
independent, certified professional to review our financial status and report
what is right and wrong. We need to validate and prove that our financial statements
are a true and accurate representation of the organization's financial status.
Why Not Our Security?
A security audit gives us this same validation. Often audits are first performed
internally by internal audit staff. But this has no "real weight", as they are
in-house and can be coerced. Or perhaps they simply have a blinded view as
insiders and are seen as biased.
Once the internal audit is complete, it is handed over to an external audit team,
which verifies it and gives validation as an uninvolved 3rd-party team.
Again, financial audits are concerned with the financial status of the organization.
IT security audits are concerned with the IT security status of an organization.
Most compliance legislation (SOX, HIPAA, GLBA, FFIEC, etc.) calls for an audit,
annual testing and external review. This principle has been understood and practiced
for years in the financial sector, yet sadly IS keeps it in-house,
often creating greater risk.
Thus ISSCP is here to assist you. We are your external 3rd-party source that is
fully aware of compliance regulations. Allow us to put your mind at rest. We
understand it is not the IT department or the "criminal" that the compliance
regulations hold accountable, but the senior management, CEO and/or CFO. They
face life-changing jail time for what takes place under their watchful eye and authority.
Why risk the unseen: your electronic assets (data, access and much more)? As
they say, "an ounce of prevention is better than a cure", or perhaps "better to
be safe than sorry". We do not risk our personal health; when concerned, we seek
a professional medical opinion. Should we not do the same with corporate security?
InfoSec (information security) is not to be taken lightly. A simple audit can
determine what the residual risk is and what has unintentionally been overlooked.
It will aid in keeping us in step with the criminals, rather than falling behind.
The problem with a breach (using the term broadly) is that a breach today might not
surface for two or three years, and the rolling impact will be felt for 5-10 years.
In other words, once the breach comes to light, it might be 2 or more years after
the breach actually took place. What about the breaches that took place yesterday
or today? When will they surface? How many more have there been and will there be? How
long will this impact us?