Modernized COSO Framework and Data Protection
The Modernized COSO Framework’s Impact on Business
The modernized COSO framework will affect business in three big ways:
- Articulating the role of a company when outsourcing. Today's businesses can outsource many activities, but they can never outsource responsibility: accountability for the control environment stays with the company.
- Putting fraud right out in the forefront. A business's control structure must now address the risk of fraud directly, rather than treating it as an implicit by-product of other controls.
- Highlighting the critical nature of IT. Information technology is a required component that cannot be avoided in today's business environment, so general IT controls are part of the control structure. Let's face it, we simply don't use manual ledgers anymore.
Local Data Protection Approaches
- File Encryption
  - Laptops
  - Desktops
- Full Disk Encryption
  - Laptops
  - Desktops
- Encryption of Removable Media
  - USB-enabled devices: flash drives, iPods, Bluetooth devices
  - Thumb drives, external hard disks
  - CD/DVD writers
- Password and PIN Controls
  - BlackBerry
  - Other PDA devices
- Standards and guidelines for data classification, usage and protection, access control, and encryption
Security in the Cloud
Responsibility for security resides with the company that owns the data, even when the infrastructure and its operation are outsourced to a cloud provider.
Firms must therefore verify, not assume, that providers deliver adequate protection, including:
- Where data are stored (physical location and legal jurisdiction)
- Meeting corporate requirements and applicable privacy laws
- Segregation of the firm's data from that of the provider's other clients
- Independent audits and security certifications
- Service level agreements (SLAs) that state the required security and availability levels and the remedies if they are missed
Business Continuity vs. Disaster Recovery
These are not the same thing.
Business Continuity (BC): Considers the academic, research, and business functioning of the institution as a whole. Includes risk assessment and plans for functional units and business processes. Covers a potentially wider variety of scenarios than IT outages alone.
Disaster Recovery (DR): The IT activities that restore systems and data to an acceptable condition after a disaster. BC includes DR; DR takes its priorities and scope (which systems first, how much data loss and downtime is tolerable) from the BC plan.
Why Outsource? Survey Results
Key drivers for outsourcing (survey results):
- Access best-in-class business processes
- Harness leading technologies
- Increase efficiencies
- Enhance capabilities
- Expand Service
- Enrich customer relations
- Improve supplier relations
- Free up management time
- Decrease operating costs
What is a Service Level Agreement (SLA)?
A performance-based contracting technique in which a written agreement between the customer and the service provider defines key service objectives, the metrics used to measure them, and acceptable quality levels (AQLs).
- Primarily used in information technology (IT) procurements
- Expanding into other sustainment-type services
Why Adopt ITIL?
- It aligns IT with business goals and service objectives.
- It is process-driven, scalable, and flexible.
- It reduces IT costs while still providing optimal services.
- It improves relationships and communication among departments, employees, customers, and users.
- It has been successfully adopted by HP, IBM, PG, Shell Oil, Boeing, Microsoft, P&G, and the State of California.
What is Green Computing?
Green computing is the practice of using computing resources efficiently.
It covers designing, manufacturing, using, and disposing of computers and servers with minimal impact on the environment.
The aims are to reduce the use of hazardous materials and to maximize energy efficiency over the product's lifetime.
COBIT vs. ITIL
- COBIT
  - Control focused
  - Uses IT metrics
  - Used by auditors
- ITIL
  - Strong concentration on processes
  - Security is a very important component
  - Focused on service delivery