Security Integration

One misconception found in businesses today across many industries is that IT Security and the Corporate Governance function are only related where specific controls overlap that satisfy the goals of both functions. This is readily apparent when you compare the security events that are monitored by the IT Security function (e.g. Logons, Logoffs) to audited business processes surrounding corporate assets (e.g. Procurement Approvals).

There are few IT organizations that accurately document information assets residing in their own environments (e.g. information asset classification). There are even fewer "best practice" organizations that significantly customize their monitoring processes to generate notifications for high risk assets vs. generic events on equipment that may run high value applications.

To establish an effective controls monitoring capability, the ability to rapidly define the relationship between a framework, regulation or procedural component and the specific system generated event that represents that component is invaluable. Once defined, the relationship model is used to perform a "Gap Analysis" of your organization’s process and control hierarchy.