Blog dedicated to the study of Information Security - Privacy - Computer Security - IT Auditing.
(Compilation of key news, events, security policies, best practice guides, norms, standards, tools, and more)
Thursday, September 23, 2010
Top Ten Sources of IT Security Best Practices
This 'Top Ten' list is intended to promote and publicize the existence of best practice standards, frameworks and guidelines for IT security. Most of the best practices are published by international organizations and governmental entities. Although there is some overlap, the perspectives on IT security, risk and controls vary considerably.
At Continental Audit Services (http://www.continentalaudit.com/), our team of IT auditors is constantly assessing IT risks, reviewing controls and making recommendations. The selection of best practice standards and frameworks is integral to our audit process. We have seen how best practices are implemented in the real world, sometimes in contrast to the theory and concepts found in published documentation.
This 'Top Ten' list is intended to be used as a reference for IT auditors, security practitioners, risk managers, compliance professionals, IT administrators, software developers and the broad range of IT professionals. We hope to add value to the overall IT professional community.
1. Best practice source: Control Objectives for Information and related Technology (COBIT)
Description: Generally accepted best practices, processes, measures and indicators for IT governance and control.
9. Best practice source: Committee of Sponsoring Organizations of the Treadway Commission (COSO) Framework
Description: Internal control and risk management framework used in compliance with the Sarbanes-Oxley Act of 2002.
10. Best practice source: Information Technology Infrastructure Library (ITIL)
Description: Comprehensive set of best practices for IT services management (problem, change, configuration, incident management), development and operations. Published by the UK Office of Government Commerce.