Academic Integrity: tutoring, explanations, and feedback — we don’t complete graded work or submit on a student’s behalf.

Our class focuses on integrating several aspects of information security/assuran

ID: 3685205 • Letter: O

Question

Our class focuses on integrating several aspects of information security/assurance. Part of an overall integrated approach to achieving a comprehensive information assurance program is compliance management. As you are aware there are a number of government regulations that affect both the public and private sector. Please read Learn the Science of Compliance.pdf. The author makes a strong case for centralized management of IT compliance and the use of software tools to assist in managing compliance programs.

You are the CISO of a large private financial company that is traded on the NY Stock Exchange. You were tasked by the the CIO to develop an IT compliance management program for your organization. What approach would you take to develop such a program? What regulations impact the organization? Would you consider the use of a compliance tool? If so which one and how would you justify the expense?

Remember to cite your sources and to give a complete answer to the questions posed above.

Explanation / Answer

Developing it compliance management comes under the concept of "Governance, Risk Management, and Compliance (GRC) are three pillars that work together for the purpose of assuring that an organization meets its objectives. ... Governance is the combination of processes established and executed by the board of directors(BOD) that are reflected in the organization's structure and how it is managed and led toward achieving goals. Risk management is predicting and managing risks that could hinder the organization to achieve its objectives. Compliance with the company's policies and procedures, laws and regulations, strong and efficient governance is considered key to an organization's success." [4]

GRC is a discipline that aims to synchronize information and activity across governance, risk management and compliance in order to operate more efficiently, enable effective information sharing, more effectively report activities and avoid wasteful overlaps. Although interpreted differently in various organizations, GRC typically encompasses activities such as corporate governance, enterprise risk management (ERM) and corporate compliance with applicable laws and regulations.

Organizations reach a size where coordinated control over GRC activities is required to operate effectively. Each of these three disciplines creates information of value to the other two, and all three impact the same technologies, people, processes and information.

Related Questions

Ounerwist hoted, il 2 pts. for each blank) Data, Trial 1 Data, Trial 2 3.OOM Mol
Question #704905
Our Architecture team is proposing a framework that would see our SQL queries mo
Question #642135
Our ArrayList object relies on which of these methods to increase capacity? A. A
Question #3755562
Our ArrayStack class implements a bounded stack. The LLNode class is a self-refe
Question #3796773
Our Battleship game needs to store a set of ships. Create a new class called Shi
Question #3702197
Our Classroom-A×. | Course Home x, @Take a Test-kama× econsider The Fol KCSecure
Question #2328194
Our Federal corporate tax laws provide numerous incentives intended to promote c
Question #418403
Our Lakewood facility would benefit from an additional unit (NPV=$10,000). We co
Question #426769
Hire Me For All Your Tutoring Needs
Integrity-first tutoring: clear explanations, guidance, and feedback.
Drop an Email at
drjack9650@gmail.com
Chat Now And Get Quote

Navigate

Previous
Our circuit: http://i90.photobucket.com/albums/k248/Kas0988/NV2.jpg \"For the cu
Next
Our class has 21 students of which 9 are Civil Engineering majors. Suppose I nee

Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.