Laserfiche WebLink
CHAPTER 2: INTERNAL CONTROL CRITERIA <br />Control Objectives for Information <br />and Related Technology <br />(COBIT) <br />Framework The COBIT Framework, published by the IT Governance Institute <br />(ITGI), states: "It is management's responsibility to safeguard all <br />the assets of the enterprise. To discharge this responsibility as <br />well as to achieve its expectations, management must establish <br />an adequate system of internal control." <br />Information System Audit and <br />Control Association <br />(ISACA) <br />Security Policy "Creating and Enforcing an Effective Information Security Policy" <br />Information Systems Control Journal, Volume 6, 2005 <br />"The main goal of a corporate security policy is to protect data by <br />defining procedures, guidelines and practices for configuring and <br />managing security in the corporate environment. It is imperative <br />that the policy defines the organization's philosophy and <br />requirements for securing information assets. It is also important <br />that the policy outlines how it will apply to corporate employees, <br />processes and environments. Consequences for failed <br />compliance must also be addressed." <br />Business Continuity <br />Plans "IS Auditing Guideline <br />from IT Perspective" <br />Association (ISACA) <br />Business Continuity Plan (BCP) Review <br />Information System Audit and Control <br />"Business continuity planning refers to the process of developing <br />advance arrangements and procedures that enable an <br />organization to respond to an interruption in such a manner that <br />critical business functions continue with planned levels of <br />interruption or essential change. In simpler terms, BCP is the act <br />of proactively strategizing a method to prevent, if possible, and <br />manage the consequences of a disaster, limiting the <br />consequences to the extent that a business can absorb the <br />impact..." <br />"In today's interconnected economy, organizations are more <br />vulnerable than ever to the possibility of technical difficulties <br />disrupting business. Any disaster, from floods or fire to viruses <br />and cyber- terrorism, can affect the availability, integrity and <br />confidentiality of information that is critical to business..." <br />11 <br />