Warning on IT-related risks
Australia's businesses will have to manage IT-related risks more actively as the federal government embraces electronic commerce and delivery of services, Auditor General Ian McPhee says.
Australian IT reports that McPhee told a recent governance and risk forum: "As a consequence of the continuing move toward e-government and interoperable systems, information security management will become an even more critical issue.
"Service delivery, contract management, systems configuration, storage and business continuity will also become more important issues to be actively managed."
Compliance drives new purchases
A survey shows that bank compliance officers are fully aware that new IT security resources are needed for them to meet current laws and rules, and that they are actively looking for IT partners and budgeting for those expenditures.
According to DMReview, the survey, conducted by phone in June by Reymann Group, polled 300 compliance officers in mid-sized financial institutions that ranged from $100 million in assets up to $10 billion. The banks surveyed were predominantly located on the east coast.
According to the survey, 83% of respondents are pursuing or exploring how technology solutions can help them, with information security technology being their top focus. Forty-two percent of respondents have allocated budgets specifically earmarked for IT solutions, and 53% plan on creating such a budget in the near future.
Compliance council formed
Policy management vendor BindView Corp is fronting a new compliance council alongside two professional bodies, with a remit to develop and promote a series of metrics that would give enterprises the performance measurements they need to gauge whether they are meeting various IT security compliance requirements.
Computer Business Review Online reports that the goal of the new Security Compliance Council, which is being backed by the Computer Security Institute and The Institute of Internal Auditors, is to promote a better understanding of global IT security compliance requirements.
BindView has recently been seeding its flagship Compliance Center product with compliance content on regulations such as Sarbanes-Oxley, FISMA, HIPAA, Basel II, and GLBA, so that it can be used by organizations to map IT security controls directly to the regulations. BindView's product applies a knowledge base of regulations to industry-accepted frameworks such as ISO 17799, COBIT, or NIST SP800-53. The product will then apply benchmarks such as those developed by the Center for Internet Security to establish the recommended configuration specifications for IT assets.


