The Effect of Security and Compliance on Productivity Interchange
July 24, 2007
Focus: This Interchange focused on the balance
of restricting the user due to security reasons and the user
being able to get their job done.
These are some of the key points or tips that were given during
the Interchange.
-There is an overlap of financial auditing and information
security.
-Determine what is significant when it comes down to being
audited.
-Don’t let SOX controls get overly detailed.
-Security compliance is going to tip productivity a bit.
-To implement a change management process, top-down pressure
is essential.
-State policies and conduct audits to ensure they are being
enforced.
-Educate the user and show them the impact it has on them.
(Ownership)
-SOX is a framework and you as the company determine your own
controls.
-Top executives have to support the change and be bought into
the ideas.
-Try to engage other departments when trying to sell corporate
governance. Get them involved.
-IT governance and business continuity are now going to encompass
SOX. (Acceptable use policy)
Restrictions of users:
-Administrative access and the risk involved in granting it.
-Conversions of machines and levels of access.
-Assign a second user name if administrative access is needed
from home.
-Websense is a tool that tracks where a user has been on the
Internet.
-Disable wireless on laptops and boot-up time should decrease.
-Conduct internal audits to help gather audit information together.
You could also work with an outside company to help you do
this.
Tools:
-TeamTrack is a change control system.
-Oracle Identity Manager deals with account provisioning.
Comments/Benefits:
Learning from other companies/My learning experience has been
limited – Understand how others are implementing their
security compliance
Tools/Streamline efforts
Ideas of certifications related to audit/Achieve compliance
without focusing on audit
SOX/Learn what other companies are doing
Educational/Hearing from experts
Ideas & Practices/Help gauge our progress
Technology Solutions/What can I use at my company
Experts
Managing auditors
Laptop security
Policies & Procedures