4/13/2010

Basics of IT Security & Audit
John E. Columbus, CISA
MSSE Class of 2010
Columbus Consulting Group 2010

What are your burning questions about IT Security or Audit?
Firewall ->

(c) Columbus Consulting Group 2010

Agenda
- Definitions / Terms
- Relevance to you
- Some expectations of people that hire IT staff
- Risks & Errors
- Key IT audit concepts
- Security Ethics Question
- What did you learn?
- Lecture Feedback Survey

Today's Lecture

Key Definitions / Terms [1 of 5]
IT Security - Protecting business data by ensuring confidentiality, integrity and availability.
CIA - Confidentiality, integrity, availability.
IT Audit - Confirming controls on IT processes.
IT Compliance - Making sure IT processes stay within legal and regulatory rules.
PCI - Payment Card Industry standards.
DSS - Data Security Standard.
PII - Personally Identifiable Information; various US and EU regulations cover protecting this information.

Key Definitions / Terms [2 of 5]
HIPAA - The Health Insurance Portability and Accountability Act of 1996.
PHI - Personal Health Information; the information fields protected by HIPAA.
ePHI - Electronic PHI.
Privacy Rule - Protect patient privacy.
Security Rule - Safeguards to ensure confidentiality, integrity and availability.
ARRA - The American Recovery and Reinvestment Act of 2009; includes increased security controls and reporting requirements.

Key Definitions / Terms [3 of 5]
Business Continuity (BC) - Maintaining company processes when systems or locations are unavailable.
Disaster Recovery (DR) - Restoring systems to critical operations, usually via a hot site or backup site.
BC/DR - The business department responsible for the above activities.

Key Definitions / Terms [4 of 5]
IT Governance - How the company, from the Board of Directors on down, monitors and controls the IT function, along with long-term IT planning. Becoming a key area for auditing.
Privacy vs. Security - Protecting people's privacy versus protecting information.

Key terms in my current project [5 of 5]
Sarbanes-Oxley (SOX) - Federal law put into place after major fraud was found at Enron (and the auditors who helped, which caused the fall of Arthur Andersen).
SOX 70
Customer audit / Compliance
Other audits
Entitlement Reviews / Provisioning...
- Spring '08
- Software engineering