Managerial Primer for Ensuring Information Security

Most enterprises actively seek maximizing stakeholder return on investments and fostering superior customer relations to sustain creation justification. With information technologies considered indispensable to providing processing efficiency, communication expediency and information reliability for stakeholders organizations need to safeguard information assets adequately because they have measurable value.  Management typically requires a governance framework that enables organizational alignments, judicious resource allotments, risk management, value delivery and performance measurements to accomplish this security necessity.

• Forces affecting ISG
• Information security principles
• Information security practices
• Sound strategic and tactical information risk considerations
• Three tiers of enterprise governance examination
• Effectiveness measurement techniques
   

• ISG social responsibility
• Data protection management
• Alternative ISG frameworks
• Organizational structure considerations
• ISG effectiveness measurement
• Information security culture
   

Instituting and sustaining information security governance (ISG) requires comprehensive planning and organizing; robust acquisitions and implementations; effective delivery and support; as well as continuous monitoring and evaluation to address the myriad of managerial, operational, and technical issues that can thwart satisfying an enterprise’s declared mission.  Consequently, information security requires an adaptive balance between sound management and applied technology.  Sound management enables assuring adequate asset safeguarding while applied technology can introduce efficiencies for addressing potential external or internal threats.

Information security design, deployment, and assurance require dedication to continuous improvement to ensure optimum effectiveness and efficiency.  Whereby, confirmation of compliance with legislation, regulations, policies, directives, procedures, standards, and rules enable asserting superior ISG.  Nonetheless, monitoring and evaluating the current state of implemented controls may take a variety of forms; including control self-assessments and information technology (IT) audits.  Furthermore, an IT auditor may not be the individual who executes an organization’s information security internal control review (ICR).  However, an IT auditor may subsequently assess an ICR for effectiveness and/or efficiency.  In the regulatory arena, a negative finding, coupled with prompt corrective actions can mitigate civilly and criminal enforcement penalties, thereby potentially reducing or avoiding legal risks.

This Webinar will benefit :

• Audit committee members
• Risk management managers
• External auditors
• Internal auditors
• Chief Executive Officers
• Chief Information Officers
• Compliance managers
• Chief Information Security Officers
• Information technology professionals
• Control Self-Assessment personnel

Dr. Robert E. Davis obtained a Bachelor of Business Administration in Accounting and Business Law, a Master of Business Administration in Management Information Systems, and a Doctor of Business Administration in Information Systems Management from Temple, West Chester, and Walden University; respectively. Moreover, during his twenty years of involvement in education, Dr. Davis acquired Postgraduate and Professional Technical licenses in Computer Science and Computer Systems Technology. Dr. Davis also obtained the Certified Information Systems Auditor (CISA) certificate — after passing the 1988 Information Systems Audit and Control Association’s rigorous three hundred and fifty multiple-choice questions examination; and was conferred the Certified Internal Controls Auditor (CICA) certificate by the Institute for Internal Controls.

Since starting his career as an information systems (IS) auditor, Robert has provided data security consulting and IS auditing services to corporations as well as other organizations; in staff through management positions. Before engaging in the practice of IS auditing and information security consulting; Robert (as a corporate employee) provided inventory as well as general accounting services to Philip Morris, USA, and general accounting services to Philadelphia National Bank (Wells Fargo). Furthermore, he has prior experience as a freelance writer of IT audit and information security training material.

Dr. Davis received recognition as an accomplished, energetic auditor, author, and speaker with a sound mix of experience and skills in monitoring and evaluating controls. Based on his accomplishments, Temple University's Fox School of Business and Management Alumni Newsletter, as well as The Institute for Internal Controls e-newsletter featured Dr. Davis. Furthermore, he is an Advisory Board Member of The Institute for Internal Controls, the first and inaugural Temple University CISA in Residence and a founding Temple University Master of Science in IT Auditing and Cyber-Security Advisory Councilmen. Last, he accepted invitations to join Delta Mu Delta International Honor Society, the Golden Key International Honour Society, the Thomson Reuters' Expert Witness List, the IT Governance LTD expert panel, as well as the International Association of IT Governance Standards honorary membership group.