Related News & Events

T2P information governance newsfeed RSS link

Solution Core: Visible Ops and Multicompliance

Core Guide Gene Kim is the CTO of Tripwire, Inc. and co-founder of the IT Process Institute. He is currently working on a series of cross-industry projects to capture and codify how IT operations, security, audit, management, and governance collaboratively achieve common objectives in "best in class" organizations.
[ More about Gene... ]

Conference Report: ISACA North America CACS: “Wow, we’re not in Vegas anymore…”

I’ve always loved the ISACA CACS conferences. Why? I guess because I love auditors. Not all auditors, mind you, but auditors that have a risk-based orientation, and who understand that the achievement of any goal (regardless of whether we’re talking about information security, operating effectiveness, or compliance goals) hinge on effective controls.

And IT auditors congregate at the fantastic ISACA conferences and chapter events. It’s one of the few conferences that have a good balance of IT risk and business risk. I don’t know of any other conference where you can not only learn about application and network security, but also bone up on how to audit and secure SAP and PeopleSoft systems!

I’m a fan of this conference. I usually like to make sure I attend the entire week. After all, it’s been years since I’ve actually touched an SAP instance, and knowing more about SAP makes me feel smarter.

copydesk.org

Image courtesy: copydesk.org (this is not a real pic from CACS conference, btw…)

Given the throngs of people at the Infosecurity Europe conference, I expected a similarly huge crowd at the ISACA North American CACS conference, held on April 27-May 1. Alas, this wasn’t the case.

The last NA-CACS conference I was at was probably three years ago, when it was in Las Vegas at some huge hotel. I’m guessing there were about 3500 people at that conference, which was one of the largest ISACA events I had been to. This was around the same time as the huge buildup/panic around SOX-404.

This year, I’m estimated that there were only around 1300 attendees. It was a fantastic program, with lots of senior practitioners, spanning information security, IT audit, even some chief audit executives speaking, and IT governance.

Given that this is probably one of the best put together curriculums, I think it’s unfortunate that it didn’t attract the numbers of Infosecurity Europe. Why? These are only my speculations:

IT audit training budgets are shrinking, unlike the bushels of money being thrown around in information security
ISACA is not effectively reaching the radar screens of information security practitioners

If true, this is too bad. Information security could use a good dose of learnin’ about risk-based application of IT controls.

More Articles...

<< Start < Prev 1 2 3 4 5 6 7 8 9 10 Next > End >>

Related IT Policy Templates

>> View All Templates

Learn More about Visible Ops and Multicompliance

Sustaining SOX Compliance: Best Practices to Mitigate Risk, Automate Compliance, and Reduce Costs

To successfully sustain SOX compliance, organizations must implement best practices to ensure IT systems not only achieve a known and trusted state but they also maintain that state. Management must be more accountable and aware of the need for a continuous and proactive operational risk management environment that recognizes the links between its technology infrastructure, business processes, reputation, compliance, and internal controls. It is vital that Tripwire configuration audit and control solutions are used as an integral element of sustained compliance initiatives.

Learn how in this Tripwire whitepaper.

Addressing Compliance Initiatives with the Center for Internet Security (CIS)

In this paper, learn what you need to build an effective compliance program by understanding benchmarks, the basic building blocks of compliance initiatives. In particular, you'll learn about the benchmarks developed by the Center for Internet Security (CIS), which are often used as a starting point for creating a compliance initiative.

Read and learn:

What the CIS is and how it develops its benchmarks.
How to use the CIS benchmarks to address compliance and security.
Some considerations to make when implementing the benchmarks.
The difference between a benchmark, framework and regulation.
How Tripwire CIS-certified solution lets you take advantage of the powerful CIS benchmarks.

Download this paper and learn about the CIS security benchmarks and how Tripwire's CIS solution helps you meet your compliance and security needs.

Become PCI Compliant and Secure with Enhanced File Integrity Monitoring

Many organizations pass a PCI DSS audit, but still find themselves in the news after suffering a security breach. Part of the issue may be that the configuration settings were compliant with the settings specified in the PCI DSS,but only for a point in time. But what happens as soon as the audit is over and changes to computer system configurations take those systems out of compliance? The true intent of the PCI DSS is not for organizations to be compliant at a single point in time, but instead to maintain a compliant state over time, in the face of inevitable change that occurs to in-scope systems.

This white paper discusses:

The high-level goals of the PCI DSS.
The two areas of technical controls the PCI DSS requires-configuration and change process controls.
How Configuration Assessment helps you address the configuration checklist items in the PCI DSS.
How Enhanced File Integrity Monitoring helps you maintain PCI DSS compliance over time in the face of configuration change.

Download this paper and learn how Tripwire's Enhanced File Integrity Monitoring helps you move beyond the PCI checklists to truly secure the cardholder environment.

What Is Truth to Power?

Feel the Power