
E-book: Strong Security Governance through Integration and Automation: A Practical Guide to Building an Integrated GRC Framework for Your Organization [Taylor & Francis e-book]

  • Format: 302 pages, 68 tables, black and white; 37 line drawings, black and white; 24 halftones, black and white; 61 illustrations, black and white
  • Series: Security, Audit and Leadership Series
  • Publication date: 24-Dec-2021
  • Publisher: CRC Press
  • ISBN-13: 9781003018100
  • Taylor & Francis e-book
  • Price: 101,56 €*
  • * price that provides access for an unlimited number of concurrent users for an unlimited period
  • Regular price: 145,08 €
  • You save 30%
This book provides step-by-step directions for organizations to adopt a security and compliance related architecture according to the mandatory legal provisions and standards prescribed for their industry, as well as the methodology to maintain those compliances. It sets out a unique mechanism for monitoring controls and a dashboard to maintain the level of compliance. It aims at integration and automation to reduce the fatigue of frequent compliance audits and to build a standard baseline of controls that comply with the applicable standards and regulations to which the organization is subject. It is a reference book for professionals in the field of IT governance, risk management, and compliance. The book also illustrates the concepts with charts, checklists, and flow diagrams to enable management to map controls to compliance requirements.

Table of contents

Preface

1 Business Impact of Emerging Technologies and Trends
  • Introduction
  • Artificial Intelligence
  • Augmented Reality
  • Blockchain Technology
  • Drones
  • Applying for a Drone License for Commercial Use
  • Internet of Things
  • Robotics
  • 3D Printing
  • Virtual Reality
  • Change in the Way Business Is Done
  • Some Prevalent Types of Computing
  • Risks Surrounding Business and Technology Connected to Them
  • Need for Compliance
  • Use of Tools to Ease the Compliance Process
  • Building a Compliance Framework
  • Conclusion

2 Challenges and Roadblocks to Compliance
  • The Pain Points in GRC
  • NIST Cybersecurity Framework
  • Compliance Can Be Attested or Assurance Function
  • Challenges to Address Security Governance in the Organization
  • To Combat Incidence of Security Breaches
  • Existence of Skill Gaps
  • Challenge of Connected Devices
  • Changing Face of Technology
  • Data Governance
  • Data Governance Serves to Overcome the Following Obstacles
  • Delay in Submission of Compliance Reports
  • Avoids Breach of Data Integrity by Secure Access
  • Removes the Fear of Wrong Comprehension of Data and Data Subjects
  • Allows Better Centralized Control Over Compliance and Other Data
  • Data Governance Brings Autonomy and Reduces the Dependence on Individual Employees
  • Size of Data
  • Existence of Legacy Data
  • Regulatory Requirements of Business Continuity
  • Challenges in Cloud Computing
  • Challenges with Cloud Services
  • Security Issues
  • Cost Management and Containment
  • Lack of Resources or Expertise
  • Governance/Control
  • Compliance
  • Managing Multiple Clouds
  • Performance
  • Segmented Usage and Adoption
  • Migration
  • Compliance Issues for Specific Industries
  • Challenges in Healthcare Industry
  • Healthcare's Attack Surface Is Growing
  • Use of Old Hardware and Software
  • Healthcare Gives Low Priority to Cybersecurity Risks
  • Healthcare Is Interconnected
  • Stolen Healthcare Data Is Valuable
  • Patients Are Given Access Rights to Medical Data
  • Limited Budget for Cybersecurity
  • Lack of Cybersecurity Education
  • Healthcare Industry to Comply with GDPR
  • Change in Legal and Regulatory Provisions
  • There Is No Accountability for Cybersecurity
  • HITRUST
  • Compliance Challenges for Banking and Financial Services
  • Acute Competition
  • Increase in Breaches
  • Changing Business Models
  • Addressing Issues of Making a 'Global Footprint'
  • Adapting to Rapid Changes
  • Technology Challenge
  • Supervisory Pressure
  • Use of Mobile Banking Applications
  • Some Banking-Related Compliances
  • SOX Compliance and Data Security
  • Top Compliance Challenges Facing Logistics Industry
  • Third-Party Service Providers
  • Challenges in Implementation of GDPR
  • Keeping Abreast of Changes
  • Maintaining Accountability and Transparency in Operations
  • Complex Technology That Is Constantly Being Added to the Suite
  • Lack of Awareness, Education, and Cultural Barriers
  • Ensuring Third-Party Compliance
  • Data Breaches and Cyberattacks
  • Build Strong and Adaptable Foundations
  • Conduct Due Diligence on Third-Party Service Providers
  • Embed a Security- and Compliance-Aware Business Culture
  • Obtaining Right Skill Sets for Technology
  • Make Security and Data Protection a Priority
  • Monitoring and Reporting
  • Need for a Well-Drafted Compliance Plan
  • ePrivacy Regulation
  • Security Policy Implementation
  • Employees Are Assets but Sometimes Pose a Challenge
  • Conclusion
  • Coming Next

3 Adopting an Integrated Approach
  • PDCA Approach to Building Organizational Framework
  • Categories of Compliance
  • Weaving Compliance into the Organizational Setup
  • Appointment of a Compliance Officer
  • Understanding Organizational Processes and Structure
  • Compliance Analytics for Identifying and Validating Compliance Requirements
  • Conducting Compliance Risk Assessment
  • Compliance Analytics Is an Ongoing Program
  • Choosing and Tailoring an Appropriate GRC Framework
  • Steps in Building a GRC Framework
  • Stakeholder Participation in GRC Strategy
  • Building a Hybrid Security Framework
  • Finding a Right Fit
  • Components of GRC Framework
  • Information Security Governance Framework
  • Cybersecurity Framework, a Part of Security Governance
  • Other Frameworks
  • Risk Governance/Framework
  • Risk Identification
  • Risk Monitoring and Reporting
  • Risk Governance
  • Common Risk Frameworks
  • Risk IT Framework (ISACA)
  • IRGC Risk Framework
  • Formulating an Integrated Compliance Framework
  • Compliance Programs
  • Automation for Better Compliance
  • Compliance Requirements of Partner Organization and Due Diligence during Contract Signing
  • Compliance Training
  • Compliance Audit
  • Follow-Up Action by Management
  • Conclusion
  • Going Further

4 Compliance Frameworks - Possible Solutions
  • IT Governance
  • Compliance Standards and Guidelines
  • IT Governance Frameworks
  • COSO (Committee of Sponsoring Organizations)
  • COBIT (Control Objectives for Information Technology)
  • ITIL
  • Sarbanes-Oxley Compliance
  • ISO/IEC 38500
  • Strengths
  • Constraints
  • Advantages of ISO/IEC 38500 - IT Governance
  • Risk Frameworks
  • ISO 31000:2009, Risk Management
  • IEC 31010, Risk Management
  • FAIR (Factor Analysis of Information Risk)
  • The International Risk Governance Council (IRGC)
  • Enterprise Risk Management (ERM)
  • NIST Cybersecurity Framework
  • Octave
  • CIS Critical Security Controls
  • Regulatory Compliance
  • Global Data Protection Regulation (GDPR)
  • HITRUST
  • HIPAA
  • Industry-Specific Standards
  • PCI DSS (Payment Card Industry Data Security Standard)
  • Building a Hybrid Security Framework
  • Types of SOC Reports
  • Security
  • Availability
  • Processing Integrity
  • Confidentiality
  • Privacy
  • Certification Readiness
  • Points of Focus in an SOC 2 Audit
  • Annexure A
  • Annexure B
  • Annexure C
  • Annexure D

5 Adoption of a Customized Approach to Compliance
  • Setting Right Business Imperatives
  • Need for an Integrated Compliance Framework
  • Mapping of Key Controls
  • Planning an Integrated Framework Befitting the Business and Scale of Operations
  • In Building the Business Case, the Following Factors Have to Be Considered
  • Why Compliance Standards Exist?
  • Options for Building a GRC Framework
  • Components of GRC Framework
  • Some Existing GRC Structures
  • The Three Lines of Defense Model for Management Oversight
  • The First Line of Defense (Functions that Own and Manage Risks)
  • The Second Line of Defense (Stands for Functions that Specialize in the Compliance and/or Management of Risk)
  • The Third Line of Defense (Independent Assurance)
  • Integrated Cybersecurity Governance Model
  • Integrated Management System (or IMS)
  • How to Define a Compliance Framework for the Organization
  • Determining Costs of Compliance
  • Key Capabilities of a GRC Framework
  • Compliance Capabilities Desired by Organizations
  • Purpose of a Compliance Program
  • How to Build an Integrated Framework for Compliance
  • Considerations at the Time of Initiating an Integrated Compliance Program
  • Key Assumptions in Implementing an Effective GRC Program Consists of
  • How to Stitch Multiple Controls Together for Overlapping Controls
  • Control Sheets for Various Standards
  • Implementing an Integration of Two or More Frameworks
  • Metrics to Be Set to Measure Performance
  • Reducing the Risk of Noncompliance
  • Critical Success Factors in Implementing an Integrated Compliance Program
  • Benefits of a Single Integrated Framework for Compliance
  • Internal Audit
  • Standardizing Audit Questions
  • IT Audit and Compliance
  • Conclusion

6 Activities/Phases for Achieving Integrated Compliance
  • Illustration 1
  • Forming a Comprehensive Baseline of Controls
  • Illustration 2
  • Conclusion
  • Annexure A

7 Designing an Operating Model for Risk and Compliance Aligned with the Business Model
  • GRC Drivers
  • OCEG Model
  • KPMG's GRC Target Operating Model (TOM)
  • The Three Lines Model for GRC
  • GRC Model for Banks
  • Evolution of Virtual Banking
  • Model Monitoring and Control
  • Model Validation
  • Components of Validation
  • GRC Metrics and Measurements
  • Data Integrity
  • Model Control Practices

8 Next Steps - Through Automation
  • Need for an Integrated GRC Platform
  • Process of Integrating GRC Function
  • Working on a GRC Strategy for Transformation
  • Good to Keep a Suggestion Box
  • Commonality of Purpose Is Important
  • Creating a Strategic GRC Plan
  • Features of GRC Platforms
  • Criteria for Choice of GRC Application
  • 1 It Should Be User-Friendly
  • 2 Support Mobile Devices
  • 3 Support Cloud Application
  • 4 Security
  • 5 Cost
  • 6 Vendor Support
  • 7 Automation
  • Identifying a Business-Ready GRC Solution
  • MIS Reporting
  • 1 LogicManager
  • 2 SAP's GRC Offering
  • 3 MetricStream GRC Platform
  • 4 ServiceNow
  • 5 The Cura Software GRC Management Platform
  • 6 OneTrust
  • Speed of Digital Transformation
  • Three Principles for Organizational Redesign
  • Data Analytics
  • Compliance Analytics Techniques
  • ISO 19600 - A Certification for GRC
  • Governance Risk and Compliance Certification
  • Conclusion
  • Annexure A
  • Case Study 1
  • Case Study 2
  • Case Study 3
  • Case Study 4
  • Case Study 5

Index
About the author

Priti Sikdar, FCA, CISA, CISM, CRISC, ISO 27001 LA, BS 25999 LA, PRINCE2 (FC). Ms. Sikdar is the author of Practitioner's Guide to Business Impact Analysis (BIA), published by Auerbach Publishers in July 2017. Ms. Sikdar has worked in the risk, audit, and assurance sector for over 25 years and has performed internal audits, compliance standard rollouts, risk assessments, and similar assignments in the GRC space. She has led ISO 27001 standard rollouts, ISO 22301 business continuity implementations, risk assessments in accordance with ISO 31000, and many other compliance-related implementations and internal audits. She is a recognized trainer and a keynote speaker at security and resilience conferences.

Ms. Sikdar has worked as Head of Finance for a shipping and logistics company. She has been a Partner with Ray & Co Chartered Accountants, where she performed many bank audits covering risk-based audits, IS audits, data migration audits, and post-implementation audits. She also worked on Sarbanes-Oxley compliance, performing the ITGC and Revenue modules of SOX. She owned ISA Tutorials, where she taught Chartered Accountants IT audit, IS systems, and how to audit in complex technology environments. Ms. Sikdar has worked with Grant Thornton as Manager, Business Risk Services, where she initiated a BS 25999 rollout, SAS 70 assignments, and enterprise risk assessments. She was with KPMG London, where she performed IT internal audit for the financial services sector and spearheaded a large in-house Technology Global Services project for six technology divisions within the Risk & Assurance function.

Ms. Sikdar has authored two books, Information Systems Audit & Security and Management Information Systems for Final C.A., published by Lawpoint Publishers India. She has also authored articles and white papers on IS audit and business continuity planning, and has spoken at international conferences and ISACA local chapters. Her articles are carried in Indo-Swiss and Indo-US magazines, and she does a great deal of online mentoring for students preparing for the CISA and CISM examinations. Ms. Sikdar provides online consulting for the US and South Africa regions on third-party assurance, building secure infrastructure, writing security policies, and rolling out information security management systems in line with the ISO 27001 and ISO 22301 standards. As a subject matter expert, she is consulted on complex IT audit and control assignments, and she is involved in risk assessments and gap analyses for her clients in India.