Separating Fact from Fiction: Security Technologies for Regulatory Compliance
Diana Kelley, Senior Analyst, Burton Group
Agenda: Regulatory compliance – one size does not fit all, and compliance is not a product; why “SOX-in-a-box” is a myth; compliance frameworks
Source: ComputerWorld, August 23, 2005, http://www.computerworld.com/hardwaretopics/hardware/story/0,10801,104118,00.html
COSO Components and CoBiT Domains/Objectives (Source: ISACA’s “IT Control Objectives for Sarbanes-Oxley”)
Note: historical forensics and legal forensics are not the same
*Health Insurance Portability and Accountability Act (HIPAA), Gramm-Leach-Bliley Act (GLBA), Personal Information Protection and Electronic Documents Act (PIPEDA)