
Title Say what you do : building a framework of IT controls, policies, standards, and procedures / Dorian J. Cougias ... [and others.]
Published Lecanto, Fla. : Schaser-Vartan Books, [2007]
Lecanto, Fla. : Schaser-Vartan Books, c2007


Location Call no. Vol. Availability
 MELB  004.068 Cou/Swy  AVAILABLE
Description 402 pages : illustrations ; 23 cm
Series Unified compliance framework series ; v. 2
Contents Contents note continued: Guidance from the authorities -- Defining the scope of the organizational compliance framework and controls for your organization -- Defining rules that govern information technology -- Identify information processes and applications significant to the organization -- Defining systems by identifying their boundaries and assigning them to a category -- Establish an organizational framework of policies, standards, and procedures -- Products and services to help you along -- 3rd Party templates -- Altius risk management policies -- Bizmanualz pre-written procedures -- RUsecure information security templates -- Sample compliance framework -- Framework description -- Authority guidance criteria -- Certification of process maturity levels -- Sample policy and procedure for creating policies and procedures -- Software tools -- Pathworks -- Policy & Procedure Manager -- Systems Continuity Plan Pro -- NetiQ VigilEnt Policy Center --
Contents note continued: SmartDraw business graphics software -- Make your life easier -- The Language of Compliance -- The IT Compliance Institute -- The primary authors -- Dorian J. Cougias, swc -- Marcelo Halpern, esq
Contents note continued: The policy and procedure review and approval process -- Providing the necessary resources -- Monitoring and controlling the process -- From defined (3) to managed (4) -- Ensuring full dissemination of defined policies and procedures -- Establishing a communications strategy -- Creating organizational standards -- Managing your configurations -- In order to manage change, you will need a change model -- The Request For Change (RFC) -- Establishing the change management team -- Change logging and managing the change process -- Collecting improvement information through a control plan -- From managed (4) to Optimizing (5) -- Establishing quantitative objectives for the measurement of procedures and processes -- Stabilizing sub-performance procedures -- A self-audit guide for analyzing your compliance framework of policies and procedures -- Analyzing the acceptance of framework controls -- Determining your various levels of maturity --
Contents note continued: Why you have to document your processes before you create your policies, standards, and procedures -- Establishing the team -- Bringing stakeholders into the loop to help document a process you've never performed -- Control and process analysis --- determining what the control is supposed to accomplish -- What are the other controls that tie to this one? -- Rough cut the "flow" of the process -- Identify potential problems -- Rough cut documentation of your process -- Analyze scope of IT assets -- Analyze the roles of who should be involved -- Determining the prerequisite tools -- Determine prerequisite knowledge needed -- Describe what "success" looks like -- Create the "success" reports -- Have someone else run through the process -- Identify short term improvements with the control process -- From repeatable (2) to defined (3) -- On writing well -- Creating policies -- Crime and punishment: the missing policy -- Documenting your procedures --
Machine generated contents note: Say What You Do Building a framework of IT controls, policies, standards, and procedures -- Dedication and Introduction -- Here's what to avoid -- Defining a unified compliance framework -- What does it mean "to comply?" -- Authority documents: regulations, principles, standards, guidelines, best practices, policies, and procedures -- The process of building your framework of IT controls, policies, standards, and procedures -- How process maturity models relate to compliance -- What are the frameworks for compliance? -- The major frameworks used for establishing IT controls -- The Unified Compliance Framework (UCF) -- Creating your information management framework -- Creating a framework of controls, a high level overview -- A guideline for scoping controls -- Creating your own compliance framework -- Setting framework development goals -- From initial (1) to repeatable (2) --
Notes Includes index
Subject Computer systems -- Compliance
Author Cougias, Dorian J.
ISBN 9780972903967