SecurityRatty: Art of Information Security Episode 002: GTAGs and Safe Harbors

This is cache of http://feeds.feedburner.com/~r/artofinfosec/~3/207882937/. Cache is the snapshot of article that we took when we index feed.
To see original page click here.
We are not affiliated with the authors of this article and not responsible for its content.

Art of Information Security Episode 002: GTAGs and Safe Harbors

2007-12-29 05:09:20 by Erik T. Heidt in Art of Information Security

Art of Info Sec 002: GTAGs and Safe Harbors

GTAG’s

The Institute of Internal Auditors has been releasing a white paper series on issues related to IT Risk Management and Information Security. The paper’s are titled as GTAGs, which is an acronym for Global Technology Audit Guidance. The project is very ambitious, trying to break down major technical topics, the IT risks associated with them, and the controls that are available in a concise format accessible to senior risk executives.

Of the nine that have been released to date, several caught my eye. Here are the ones I would like to highlight:

Auditing Application Controls
Change and Patch Management Controls
Identity and Access Management
Information Technology Outsourcing
Managing and Auditing Privacy Risks
Managing and Auditing IT Vulnerabilities

You can find the library of papers at The IIA’s GTAG portal. New materials are released regularly.

In Other News…

Earlier this month I participated in a Webinar titled “Getting More Encryption for Less”. At the end of the call there were a few interesting questions during the Q and A session, one of which I wanted to recap here…

Question: Will Federal Privacy Regulations include Cryptography Standards for “Safe Harbors” ?