4/13/2010

Basics of IT Security & Audit
John E. Columbus, CISA
MSSE Class of 2010
© Columbus Consulting Group 2010

What are your burning questions about IT Security or Audit?
Firewall ->

Agenda
Definitions / Terms
Relevance to you
Some expectations of people that hire IT staff
Risks & Errors
Key IT audit concepts
Security Ethics Question
What did you learn?
Lecture Feedback Survey

Today's Lecture

Key Definitions / Terms [1 of 5]
IT Security – "Protecting business data by ensuring confidentiality, integrity and availability."
◦ CIA – Confidentiality, integrity, availability.
IT Audit – "Confirming controls on IT processes"
IT Compliance – Making sure IT processes stay within legal and regulatory rules.
PCI – Payment Card Industry standards.
◦ DSS – Data Security Standard.
PII – Personally Identifiable Information – various US and EU regulations about protecting this information.

Key Definitions / Terms [2 of 5]
HIPAA – The Health Insurance Portability and Accountability Act of 1996
◦ PHI – Personal Health Information – Information fields protected by HIPAA.
◦ ePHI – Electronic PHI.
◦ Privacy Rule – Protect patient privacy.
◦ Security Rule – Safeguards to ensure confidentiality, integrity and availability.
ARRA – The American Recovery and Reinvestment Act of 2009 – Includes increased security controls and reporting requirements.
Key Definitions / Terms [3 of 5]
Business Continuity (BC) – Maintaining company processes when systems or locations are unavailable.
Disaster Recovery (DR) – Restoring systems to critical operations, usually via a hot site or backup site.
BC/DR – Business department responsible for the above activities.

Key Definitions / Terms [4 of 5]
IT Governance – How the company, from the Board of Directors on down, monitors and controls the IT function, along with long-term IT planning. Becoming a key area for auditing.
Privacy vs. Security – Protecting people's privacy versus protecting information.

Key terms in my current project [5 of 5]
Sarbanes-Oxley (SOX)
◦ Federal law put into place after major fraud was found at Enron (and the auditors that helped, causing the fall of Arthur Andersen)
SOX 70 – Customer audit / Compliance
Other audits
Entitlement Reviews / Provisioning...
This note was uploaded on 10/21/2011 for the course CSCI 5802, taught by Professor M. Heimdahl during the Spring '08 term at Minnesota.