White Papers

Understanding Information Risk Management

Business is all about risk, and the management of any enterprise is in some manner enterprise risk management. Traditionally, the term risk management has focused on financial and fiduciary business risk. The increased importance of information confidentiality, integrity, and availability in managing an enterprise has led to the recognition that information risk is of equal concern to the health and wellbeing of an enterprise and should be managed accordingly.

ISO 27001 and SAS 70 – A Comparison of Methodologies and Approaches

Organizations today face many challenges. One of the more difficult is how to provide assurance of Information Security, Information Technology, and control environments to third parties. These third parties may be clients, business partners, regulatory bodies, or others. For many years, the SAS 70 Service Auditors Report has been used to meet this requirement. This white paper provides an alternative perspective on third-party assurance by comparing and contrasting the SAS 70 process with that of creating an Information Security Management System (ISMS) based upon ISO 27001.

Packaging for Success!

Information Security professionals are finally asking hard questions and expecting hard answers. Part of this metamorphosis, of course, is due to the long overdue recognition that information security is not just a technology problem, although there are certainly significant technical components. Much of this credit must certainly be given to recently embraced standards such as ISO 27001, which expanded information security from technology security to information in any form. This has had the effect of requiring traditional information security programs to interface with other enterprise programs such as Human Resources, Physical Security, Legal, and others in order to provide a holistic approach. Another milestone was the recognition of synergies with other disciplines such as Risk Management, Quality Management, and I.T. Service Management (ITIL). This has allowed us to look at common management solutions in order to solve common management problems.
