IT compliance


Published in: Education, Technology, Business
  • A successful e-commerce website in Vietnam. It offers discounts and "hotdeals" on a range of goods and services.
  • The four biggest audit firms. After such scandals, the need to create new legislation to prevent, detect and correct such aberrations appears. Compliance is the best way to inspire trust among an organization's stakeholders or governmental agencies, and is required for an organization to remain legal.
  • Compliance: the Vietnamese rule is to wear a helmet when riding a motorbike. Security: wearing a strong helmet plus a jacket, etc.
  • Regulations: working 9 am to 5 pm, VAT 10%. Laws: killing people is against the law. Industry-specific: the sets of laws governing the food and pharmaceutical industries.
  • Control Objectives for Information and Related Technology (COBIT) is a framework created by ISACA for information technology (IT) management and IT governance. It is a supporting toolset that allows managers to bridge the gap between control requirements, technical issues and business risks. The Committee of Sponsoring Organizations (COSO) provides thought leadership to executive management and governance entities on critical aspects of organizational governance, business ethics, internal control, enterprise risk management, fraud and financial reporting. The Sarbanes-Oxley Act (SOX) sets enhanced standards for all U.S. public company boards, management and public accounting firms: executives must individually certify the accuracy of financial information, and the independence of the outside auditors is increased.
  • NIST: National Institute of Standards and Technology.
  • Compliance policies: activities covering the creation and dissemination of policies and the protection of confidential or sensitive information such as customer data, employee records, financial information, intellectual property and others. Direct cost: the direct expense outlay to accomplish a given activity. Indirect cost: the amount of time, effort and other organizational resources spent, but not as a direct cash outlay. Opportunity cost: the cost resulting from lost business opportunities when compliance infractions diminish the organization's reputation and goodwill.

    1. IT COMPLIANCE. Group 8: Phan Dinh Vuong, Vuong Tat Khang. Instructor: Prof. Dr. Martin Knahl
    2. What does compliance mean? To obey and follow the laws, rules, demands, etc.
    3. Big Deal. Source: 18/08/2013
    4. Question mark. Question 1: Can we export this successful model of the "HOTDEAL" service to Germany?
    5. Question mark. Question 2: If the "Hotdeal" service is at the highest level of IT security (data protection, encryption, etc.), would that be sufficient to export it to Germany?
    6. Main points: 1. Why IT compliance. 2. What is IT compliance. 3. Frameworks, standards, practices. 4. How to assess IT compliance. 5. Cost framework of IT compliance. 6. Compliance vs. non-compliance. 7. Practical results from market research.
    7. Enron scandal, 2001
    9. BIG FOUR'S SECURITY SURVEY (2006). Source: Ernst & Young. 2006 Global Information Security Survey. Technical report, 2006. Available at$file/EY_GISS2006.pdf. Trend 4: The impact of compliance continues to grow. Trend 5: Compliance is promoting teaming between information security and other functional business groups. Trend 6: Compliance is improving information security.
    10. Laws, rules and regulations (may be industry-specific): considered mandatory. Examples: national Data Protection Acts, the French Informatique et Libertés law, the Financial Security law, SOX, EuroSOX, Basel II, HIPAA. Standards, frameworks and security practices: an optimization perspective. Examples: ISO 9000, ISO 13335, ISO 17799:2005, ISO 2700x, COBIT, COSO, etc.
    11. Compliance vs. security. Compliance: focus on validating that the rules are followed; static and slow to be updated. Security: focus on protection; dynamic. Source:
    12. IT compliance types. Regulation compliance, e.g. working 9 am to 5 pm, VAT 10%. Legal (law) compliance, e.g. killing people is against the law. Industry-specific compliance, e.g. food and pharmaceutical industry laws.
    13. IT compliance frameworks, standards, practices. SOX: enhanced standards; certify the accuracy of financial information. COSO: critical aspects of management and governance: risk management, fraud, etc. COBIT: best-practice framework for IT management and IT governance. ISO 9000, ISO 2700x, etc.
    14. Typical Information Security Compliance Assessment. Source: Tashi, Igli. (2009). Regulatory Compliance and Information Security.
    16. • Regulatory penalties. • Brand damage. • Loss of customer trust. Source:
    17. Findings from market research: independent research on privacy, data protection and information security policy; benchmark study, 2011; 46 multinational companies; 160 functional leaders (CFO, CIO, etc.).
    18. Framework. Source: Ponemon Institute, Benchmark Study, January 2011
    19. Cost comparison: compliance cost vs. non-compliance cost?
    20. Framework. Source: Ponemon Institute, Benchmark Study, January 2011
    21. IT Compliance Cost Framework. Source: Ponemon Institute, Benchmark Study, January 2011
    22. WHAT AFFECTS THE COST OF COMPLIANCE & NON-COMPLIANCE? • Industry and organizational size. • Laws and regulations are the main drivers for investment.
    23. COMPLIANCE & NON-COMPLIANCE SUPPORT. • An effective security strategy → lower cost of non-compliance. • On-going internal compliance audits → reduced total cost of compliance.
    24. GAP BETWEEN COMPLIANCE & NON-COMPLIANCE COST. • Related to the number of records lost or stolen in data breaches (breaking or compromising the laws).
    25. 10 EFFECTIVENESS ATTRIBUTES. 1. Appoint a high-level individual to lead compliance. 2. Ensure oversight of compliance activities. 3. Budget to meet goals and objectives. 4. Cross-functional committee to oversee local requirements. 5. Implement metrics. 6. Senior executives receive critical reports at crisis level. 7. Reduce risk in business and threats of change. 8. Keep pace between the changing workforce and security.
    26. Summary: 1. Why IT compliance. 2. What is IT compliance. 3. Frameworks, standards, practices. 4. How to assess IT compliance. 5. Cost framework of IT compliance. 6. Compliance vs. non-compliance. 7. Practical results from market research.
    27. Q&A
    28. THANK YOU!
    29. REFERENCES • Tashi, Igli. (2009). Regulatory Compliance and Information Security. IEEE. • Ponemon Institute (2011). The True Cost of Compliance: Benchmark Study of Multinational Organizations. • Ernst & Young (2006). Global Information Security Survey. Technical report.