IT AUDIT Articles
Creating a cloud SLA from diagnostic data
Where do you start in order to have a successful port of applications into a private/public cloud? Greg Machler provides tips on creating a Service Level Agreement from the collection of diagnostic data.
New scoring systems for software security: CWSS and CWRAF
Companies get a framework to evaluate software vulnerabilities, as the consequences of failing to patch flaws become clearer.
Checklist for a successful security assessment
You're a CSO within a large corporation and you want to make sure that your most critical IT risks are identified and properly rated. Gregory Machler breaks down the essential components of a thorough risk assessment.
Making the ROI case for GRC platforms
The ultimate goal of GRC is to support business agility, but be ready to supply your CFO with these additional details.
PCI DSS compliance cuts breach risk, says report
Organizations that are PCI DSS compliant suffer fewer breaches, but most do not think the standards have had a positive impact on security.
Industry association aims to bolster SCADA security
The International Society of Automation (ISA) calls for industrial system standard security analysis in wake of Stuxnet.
ISACA launches audit program for social media governance
The Social Media Audit/Assurance Program focuses on effective policies, training and awareness, and monitoring, according to ISACA.
IT GRC tools: Control your environment
IT governance, risk and compliance (GRC) tools help bring order to enterprises' crazy quilt of overlapping regulations, redundant audit programs and manual processes.
Dos and don'ts for IT GRC success
Throwing tools at the problem won't get you anywhere. Experts provide IT GRC guidance for making your life simpler - not more complicated.
eGRC vs. IT GRC
Defining GRC tools and the GRC market is tricky as the line between eGRC and IT GRC blurs.
