8/7/2019 Information Assurance the Life Blood of Morden day
Information Assurance: the Life Blood of Modern-Day Enterprises
What is information assurance?
Many institutions are having to rely on information assurance services.
Assurance in a system is the understanding that things will work as expected.
Information Assurance is the trust and confidence that information, or presented information, represents what it should be.
In short, Information Assurance is the belief that information is correct.
Around the world, the journey to success is governed by increasingly complex and broadening regulatory requirements and stakeholder demands. Information Assurance is key in meeting these requirements.
Disciplines of IA
1. Information Security
2. Information Systems Risk and IT Governance
3. Information System Audit
Disciplines of IA
Information Security
Is aimed at achieving the Availability, Integrity and Confidentiality of an organisation's information resources.
Disciplines of IA
Information Systems Risk Management is the process that includes, first, risk assessment, which is identifying risks, risk-reducing measures and the budgetary impact of implementing decisions related to the acceptance, avoidance, or transfer of risk.
Secondly, it includes the assignment of priorities to budgeting, implementing, and maintaining appropriate risk-reducing countermeasures.
Disciplines of IA
IT Governance
Is concerned with two issues: that IT delivers value to the business and that IT risks are mitigated. The first is driven by strategic alignment of IT with the business. The second is driven by embedding accountability into the enterprise.
IT Governance is the responsibility of the board of directors and executive management. It is an integral part of enterprise governance and consists of the leadership and organisational structures and processes that ensure that the organisation's IT sustains and extends the organisation's strategy and objectives (definition from Board Briefing on IT Governance, 2nd Edition, ITGI, 2004).
Research has shown that there is a positive relationship between good IT governance and increased corporate profitability (Weill, P.; J. Ross; How Performers Manage IT Decision Rights for Superior Results, Harvard Business School Press, USA, 2004).
IT governance is a structure of relationships and processes used to direct and control the enterprise toward achievement of its goals by adding value while balancing risk vs return over IT and its processes.
Disciplines of IA
The relationship between IT Security and IT Auditing
Disciplines of IA
IS Audit roles
The IS Auditor provides leading-practice recommendations and ensures compliance with IT Governance.
The IS Auditor is involved in the whole cycle of systems and infrastructure life cycle management.
IS Audit has a big role to play in IT service delivery and support, checking efficiency, risk, security and effectiveness.
Protection of information assets (Information Security)
Business Continuity and Disaster Recovery
IA organisation at Ernst & Young Global
[Organisation chart: Department at Ernst & Young Global. Labels: Tax; Assurance; Transaction Advisory Services; Advisory for Financial Services; Performance Improvement; IT Risk Assurance; Risk]
Big four
The need to maintain high standards has generally required that major accounting firms look for people with internationally recognised professional qualifications.
Some of these qualifications are CISA, CISM and CISSP. Getting any of these qualifications provides assurance that the holder understands modern issues with regard to information assurance and is up to date through the CPE program.
Remuneration
Holders of professional qualifications generally find it easy to land jobs in management, up to senior management, with the associated benefits. Titles associated with practitioners in this field are:
IT Auditor
Forensic Expert
IT Security Manager
Assurance Manager
IT Risk Manager
IT Security Officer
IT Security Consultant
Word of Advice
A minimum of 5 years' professional IS auditing, control and security work experience is required for certification. Two years of IS audit, control or security experience may be substituted for a Bachelor's degree (120 semester college credits or its equivalent).
Experience must have been gained within the 10-year period preceding the application for certification, or within 5 years from the date of initially passing the examination.
The End