Information Assurance the Life Blood of Modern day

  • 8/7/2019 Information Assurance the Life Blood of Modern day

    Information Assurance the Life Blood of Modern day enterprises

    What is information assurance?

    Many institutions are having to rely on information assurance services.

    Assurance in a system is the understanding that things will work as expected.

    Information Assurance is the trust and confidence that information, or presented information, represents what it should be.

    In short, Information Assurance is the belief that information is correct.

    Around the world, the journey to success is governed by increasingly complex and broadening regulatory requirements and stakeholder demands. Information Assurance is key in meeting these requirements.

    Disciplines of IA

    1. Information Security

    2. Information Systems Risk and IT Governance

    3. Information System Audit

    Disciplines of IA

    Information security

    Is aimed at achieving the Availability, Integrity and Confidentiality of an organisation's information resources.

    Disciplines of IA

    Information Systems Risk management is the process that includes, first, risk assessment, which is identifying risks, risk-reducing measures and the budgetary impact of implementing decisions related to the acceptance, avoidance, or transfer of risk.

    Secondly, it includes the assignment of priorities to budgeting, implementing, and maintaining appropriate risk-reducing countermeasures.

    Disciplines of IA

    IT Governance

    Is concerned with two issues: that IT delivers value to the business and that IT risks are mitigated. The first is driven by strategic alignment of IT with the business. The second is driven by embedding accountability into the enterprise.

    IT Governance is the responsibility of the board of directors and executive management. It is an integral part of enterprise governance and consists of the leadership and organisational structures and processes that ensure that the organisation's IT sustains and extends the organisation's strategy and objectives (definition from Board Briefing on IT Governance, 2nd Edition, ITGI, 2004).

    Research has shown that there is a positive relationship between good IT governance and increased corporate profitability (Weill, P.; J. Ross; How Performers Manage IT Decision Rights for Superior Results, Harvard Business School Press, USA, 2004).

    IT governance is a structure of relationships and processes used to direct and control the enterprise toward achievement of its goals by adding value while balancing risk vs return over IT and its processes.

    Disciplines of IA

    The relationship between IT Security and IT Auditing

    Disciplines of IA

    IS Audit roles

    The IS Auditor provides leading practice recommendations and ensures compliance with IT Governance

    The IS Auditor is involved in the whole cycle of Systems and Infrastructure Life Cycle management

    IS Audit has a big role to play in IT service delivery and support, checking efficiency, risk, security and effectiveness

    Protection of information assets (Information Security)

    Business Continuity and Disaster Recovery

    IA organisation at Ernst & Young Global

    [Organisation chart: services departments at Ernst & Young Global. Labels: Tax; Assurance; Transaction Advisory; Advisory for Financial Services; Performance Improvement; IT Risk Assurance; Risk]

    Big four

    The need to maintain high standards has generally required that major accounting firms look for people with internationally recognised professional qualifications.

    Some of these qualifications are CISA, CISM and CISSP. Getting any of these qualifications provides assurance that the holder understands modern issues with regard to information assurance and is up to date through the CPE program.

    Remuneration

    Holders of professional qualifications generally find it easy to land jobs in management, up to senior management, getting the associated benefits. Titles associated with practitioners in this field are:

    IT Auditor

    Forensic Expert

    IT Security Manager

    Assurance Manager

    IT Risk Manager

    IT Security Officer

    IT Security Consultant

    Word of Advice

    A minimum of 5 years of professional IS auditing, control and security work experience is required for certification. Two years of IS audit, control or security may be substituted for a Bachelor's degree (120 semester college credits or its equivalent).

    Experience must have been gained within the 10-year period preceding the application for certification or within 5 years from the date of initially passing the examination.

    The End