auditdirectivei m plenetation auditdirectivei m
play

AuditDirectiveI m plenetation AuditDirectiveI m plenetation - PowerPoint PPT Presentation

Aug 18, 2023 •33 likes •113 views

AuditDirectiveI m plenetation AuditDirectiveI m plenetation Sebastian Strobl, Pierre Kwaku, Christoph Gruber CC: Oliver van Assche Oliver Eckel CC: Oliver van Assche, Oliver Eckel 29.09.2010 Document Hierarchy of Information Security Audit

  1. AuditDirectiveI m plenetation AuditDirectiveI m plenetation Sebastian Strobl, Pierre Kwaku, Christoph Gruber CC: Oliver van Assche Oliver Eckel CC: Oliver van Assche, Oliver Eckel 29.09.2010

  2. Document Hierarchy of Information Security Audit Policy Generalregulation for conducting audits Generalregulation for conducting audits Audit Standard When, how and where audits are performed performed “Audit Charter” “A dit Ch t ” How to audit things How to audit things, organisations, etc. General Directive(s) Things audit needs Specific Directive(s)

  3. Principles for Audit Directives • Derived from Audit Standard or a more abstract Directive • Dedicated the a special task, region or audience • Only needed if Standard is not adequate or specific enough

  4. Requirem ents for Audit Docum ents • Internal “Code of Conduct for Audit Department” • How the things are done • Quality Assurance • … • Requirements for Others • What data has to be provided • Quality of data (integrity, … Q y ( g y, ) ) • … • Cooperation with external auditors • Corporate Audit has to be single point of contact to external auditors p g p • …

  5. Code Of Conduct • Information systems audit controls • Protection of information systems audit tools • Other internal regulations, beside IT

  6. Directive to Others • Starts with ISS ch. 6 (Security Coordinators), one contact in each department • Implementation of audit rights into contracts with internal and external staff • ISS 9.1.2 physical entry controls • ISS 10 1 1 documented operating procedures • ISS 10.1.1 documented operating procedures • ISS 10.1.2 change management • ISS 10.2.2 monitoring and review of third party services • ISS 10.6.2 security of network services • ISS 10.7 media management ISS 10 7 media management • ISS 10.10 audit logging • ISS 11.7.2 teleworking • ISS 12.3.2 keymanagement • ISS 12.4.2 protection of system test data ISS 12 4 2 t ti f t t t d t • ISS 12.4.3 access control to program source code • ISS 12.5.1 change control procedures • ISS 12.5.5 outsourced software development • ISS 13.2 management of information security incidents and improvements ISS 13 2 t f i f ti it i id t d i t • ISS 15.1 compliance with legal requirements • ISS 15.2 Compliance with security policies and standards, and technical compliance

  7. Cooperation w ith external Auditors • Corporate Audit Department has to be the single point of contact for external auditors • Exceptions? Exceptions? Tax audit? • Law enforcement • Law enforcement • …

  8. Thank You Thank You

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Approximate Q-Learning 2/24/17 State Value V(s) vs. Action Value Q(s,a) " # X t r t

Approximate Q-Learning 2/24/17 State Value V(s) vs. Action Value Q(s,a) " # X t r t

Approximate Q-Learning 2/24/17 State Value V(s) vs. Action Value Q(s,a) " # X t r t V = E t =0 Either way, value is the sum of future discounted rewards (assuming the agent behaves optimally): V(s) : after being in state s

404 views • 17 slides
CS 327E Class 3 September 23, 2019 1) Which SQL join type does this query contain? S(a: int, b:

CS 327E Class 3 September 23, 2019 1) Which SQL join type does this query contain? S(a: int, b:

CS 327E Class 3 September 23, 2019 1) Which SQL join type does this query contain? S(a: int, b: string); A. Inner Join T(c: string, d: date); B. Natural Join C. Cross Join SELECT * D. None of the above FROM T, S; 2) The following query,

581 views • 28 slides
Memo Tables Jean-Christophe Filli atre CNRS joint work with Fran c ois Bobot and Andrei

Memo Tables Jean-Christophe Filli atre CNRS joint work with Fran c ois Bobot and Andrei

Memo Tables Jean-Christophe Filli atre CNRS joint work with Fran c ois Bobot and Andrei Paskevich ProVal team, Orsay, France IFIP WG 2.8 Functional Programming March 2011 Context: Deductive Program Verification proof annotated provers

588 views • 36 slides
Lecture 1.5: Multiplication tables Matthew Macauley Department of Mathematical Sciences Clemson

Lecture 1.5: Multiplication tables Matthew Macauley Department of Mathematical Sciences Clemson

Lecture 1.5: Multiplication tables Matthew Macauley Department of Mathematical Sciences Clemson University http://www.math.clemson.edu/~macaule/ Math 4120, Modern Algebra M. Macauley (Clemson) Lecture 1.5: Multiplication tables Math 4120,

354 views • 8 slides
REMARKS By Frank J. Chaloupka, PhD Associate Professor, University of Illinois at Chicago

REMARKS By Frank J. Chaloupka, PhD Associate Professor, University of Illinois at Chicago

REMARKS By Frank J. Chaloupka, PhD Associate Professor, University of Illinois at Chicago Research Associate, National Bureau of Economic Research Alcohol Policy XI Plenary Session III SLIDE 1: Economic Perspectives on Alcohol Taxation This

217 views • 7 slides
Literacy Intervention Program Plan Guidance Webinar: September 18, 2017 Literacy Intervention

Literacy Intervention Program Plan Guidance Webinar: September 18, 2017 Literacy Intervention

Literacy Intervention Program Plan Guidance Webinar: September 18, 2017 Literacy Intervention Program Plan The Basics Due: October 1, 2017 Submit to: plans@osbe.idaho.gov Templates and support available on OSBE website at

373 views • 13 slides
A N S WE R M O D E L : m a k e A N s c q a f o r a c a s e o n o n

A N S WE R M O D E L : m a k e A N s c q a f o r a c a s e o n o n

A N S WE R M O D E L : m a k e A N s c q a f o r a c a s e o n o n l i n e s t o r a g e S t r u c t u r i n g y o u r s t o r y A n s w e r m o d e l f o r t h e e x

422 views • 3 slides
Software Requirements and the Requirements Engineering Process Chapters 5 and 6 References

Software Requirements and the Requirements Engineering Process Chapters 5 and 6 References

Software Requirements and the Requirements Engineering Process Chapters 5 and 6 References Software Engineering. Ian Sommerville. 6th edition. Pearson. Code Complete. Steve McConnell. (CC) The art of requirements triage. Alan M.

484 views • 25 slides
Scaling a Multi-Tenant k8s Cluster in a Telco Pablo Moncada October 28, 2020 About MasMovil

Scaling a Multi-Tenant k8s Cluster in a Telco Pablo Moncada October 28, 2020 About MasMovil

Scaling a Multi-Tenant k8s Cluster in a Telco Pablo Moncada October 28, 2020 About MasMovil group 4th telecom company in Spain Provides voice and broadband services to +12M customers Several brands in the group (7 main brands

340 views • 6 slides
LBD ICT SLIDES FOR INDUSTRY ENGAGEMENT DIGITAL NATION DIVISION MINISTRY OF ENERGY, MANPOWER AND

LBD ICT SLIDES FOR INDUSTRY ENGAGEMENT DIGITAL NATION DIVISION MINISTRY OF ENERGY, MANPOWER AND

LBD ICT SLIDES FOR INDUSTRY ENGAGEMENT DIGITAL NATION DIVISION MINISTRY OF ENERGY, MANPOWER AND INDUSTRY AUGUST 2018 1 LBD ICT Implementation Date LBD policy implementation for ICT Industry has taken into effect on 1 st March 2017. It has

387 views • 18 slides
Teaching Focused Careers in Colleges , Universities , and Industry Mine Dogucu @MineDogucu

Teaching Focused Careers in Colleges , Universities , and Industry Mine Dogucu @MineDogucu

Teaching Focused Careers in Colleges , Universities , and Industry Mine Dogucu @MineDogucu bit.ly/dogucu-talk PhD, The Ohio State University Assistant Professor of Applied Statistics, New College of Florida Visiting Assistant Professor of

673 views • 40 slides
How to fail? Wang-Chiew Tan University of California, Santa Cruz Bad research ideas: How to

How to fail? Wang-Chiew Tan University of California, Santa Cruz Bad research ideas: How to

How to fail? Wang-Chiew Tan University of California, Santa Cruz Bad research ideas: How to recognize them, avoid them, and abandon them. Read more papers. A research idea is excellent if you enjoy working on it and it has impact.

535 views • 8 slides
A new implementation of relative distribution methods in Stata Ben Jann University of Bern 2020

A new implementation of relative distribution methods in Stata Ben Jann University of Bern 2020

A new implementation of relative distribution methods in Stata Ben Jann University of Bern 2020 Swiss Stata Conference University of Bern, November 19, 2020 Ben Jann (ben.jann@soz.unibe.ch) Relative distribution methods Bern, 19.11.2020 1

779 views • 34 slides
Gender Equity Committee Report to the FAS Faculty on the FAS 2005-2007 data set Members from

Gender Equity Committee Report to the FAS Faculty on the FAS 2005-2007 data set Members from

Gender Equity Committee Report to the FAS Faculty on the FAS 2005-2007 data set Members from P&P and WFC: Marisa Carrasco, Ernest Davis, Jo Dixon, James Fernandez, Carol Shoshkes Reiss & Gabrielle Starr FAS Institutional Research:

378 views • 16 slides
How to Get Tenure in Databases @andy_pavlo Research Papers Classes Taught Grants Funded

How to Get Tenure in Databases @andy_pavlo Research Papers Classes Taught Grants Funded

Andy's Guide on How to Get Tenure in Databases @andy_pavlo Research Papers Classes Taught Grants Funded Research Papers Classes Taught Grants Funded # of Crazy Emails! Physics: Emc 2 Math: Fermat's Thm ComSci: P=NP # of

481 views • 11 slides
Webinar The Insurance Act Guarding against the consequences of a breach of a condition

Webinar The Insurance Act Guarding against the consequences of a breach of a condition

Webinar The Insurance Act Guarding against the consequences of a breach of a condition precedent to liability Georgina Oakes, Research and Development Manager, Airmic 25 th October, 2017 Alexander Oddy, Partner, Herbert Smith Freehills

256 views • 6 slides
SQL - Data Query language Eduardo J Ruiz October 20, 2009 1 Basic Structure The simple

SQL - Data Query language Eduardo J Ruiz October 20, 2009 1 Basic Structure The simple

SQL - Data Query language Eduardo J Ruiz October 20, 2009 1 Basic Structure The simple structure for a SQL query is the following: select a1...an from t1 .... tr where C Where t 1 . . . t r is a list of relations in the database schema,

338 views • 6 slides
Co-inductive predicates and bisimilarity CoqArt section 13.613.7 Koen Timmermans and

Co-inductive predicates and bisimilarity CoqArt section 13.613.7 Koen Timmermans and

Co-inductive predicates and bisimilarity CoqArt section 13.613.7 Koen Timmermans and Marnix Suilen 1 Definitions Recall the definition of LList : Set Implicit Arguments. CoInductive LList (A:Set) : Set := LNil : LList A | LCons : A

655 views • 43 slides
Long term vision for LArSoft: Overview Adam Lyon LArSoft Workshop 2019 25 June 2019 Long term

Long term vision for LArSoft: Overview Adam Lyon LArSoft Workshop 2019 25 June 2019 Long term

Long term vision for LArSoft: Overview Adam Lyon LArSoft Workshop 2019 25 June 2019 Long term computing vision You already know this https://www.karlrupp.net/2018/02/42-years-of-microprocessor-trend-data/ 2 The response - Multicore

89 views • 7 slides
ITU ! T " Speech " and " Audio " Coding Yusuke Hiwasaki Yusuke " Hiwasaki

ITU ! T " Speech " and " Audio " Coding Yusuke Hiwasaki Yusuke " Hiwasaki

ITU ! T " Speech " and " Audio " Coding Yusuke Hiwasaki Yusuke " Hiwasaki Associate " Rapporteur, " ITU ! T " SG16 " Question " 10 NTT " Labs., " Japan Outline 1. Note " well 2. ITU

264 views • 13 slides
SRIA A TECHNICAL BLUEPRINT FOR EC RESEARCH 1 2 Disclaimer The SRIA contains 240 pages with

SRIA A TECHNICAL BLUEPRINT FOR EC RESEARCH 1 2 Disclaimer The SRIA contains 240 pages with

Networld General Assembly 16-Nov-2020 SRIA A TECHNICAL BLUEPRINT FOR EC RESEARCH 1 2 Disclaimer The SRIA contains 240 pages with ideas of more than 150 experts. Therefore this presentation includes only some examples/thematic topics

394 views • 20 slides
Joint E oint Eur uropean opean Stak Stakeholder Gr eholder Group oup Tuesday 28 April 2015:

Joint E oint Eur uropean opean Stak Stakeholder Gr eholder Group oup Tuesday 28 April 2015:

Joint E oint Eur uropean opean Stak Stakeholder Gr eholder Group oup Tuesday 28 April 2015: Meeting 2 1. Introductions and Apologies Barbara Vest JESG Independent Chair 2. Review view of of Action Action Log Log Sara-Lee Kenney

716 views • 44 slides
Protocol on SEA Section A4.4: SEA of plans & programmes Consultation with authorities

Protocol on SEA Section A4.4: SEA of plans & programmes Consultation with authorities

Protocol on SEA Section A4.4: SEA of plans & programmes Consultation with authorities Resource Manual to Support Application of the UNECE Protocol on Strategic Environmental Assessment draft 27-Apr-07 A4.4 Consultation with

461 views • 7 slides
Emerging Global Energy Network Emerging Global Energy Network Regional electricity grids

Emerging Global Energy Network Emerging Global Energy Network Regional electricity grids

Emerging Global Energy Network Emerging Global Energy Network Regional electricity grids being connected into worldwide energy network Emerging Global Energy Network Emerging Global Energy Network Regional electricity grids being

69 views • 3 slides

More recommend