Is IT Compliance A Profession? A Workshop on Refining Our Common Body of Knowledge, Skills and Ethics Peter T. Davis Principal Peter Davis+Associates.

Presentation transcript:

Is IT Compliance A Profession? A Workshop on Refining Our Common Body of Knowledge, Skills and Ethics Peter T. Davis Principal Peter Davis+Associates

IT COMPLIANCE CONFERENCE 2007 | Your Presentation Title Goes Here—To edit, go to View>Header and Footer
P. 1 The Need
Is compliance a profession or a job?
Is there a need for a certification?
Should the ITCi offer the certification? Or should they partner with someone else?

P. 2 Professional Requirements
Professions require:
1. Code of Ethics
2. Body of Knowledge
3. Testing on the body of knowledge
4. Regulation

P. 3 Qualifications
Experience
—Years
—Disciplines
Exam
Code of Ethics
Sponsor
Grandfathering?

P. 4 COMPBOK
What is included in the Body of Knowledge?
What will we call it?
Do you think people would respond to a survey on job specifications?
Should ITCi go for ANSI certification?

P. 5 Suggested Table of Contents
Management principles
IT Governance
Laws and regulations
Records management
Ethics
Security
Privacy
Risk management
Control self-assessment
Investigations
Performance management

P. 6 Management Principles
Processes and business process mapping
Controls and testing
Plan, Organize, Staff, Direct, Control; PDCA/PDSA; DMAIC/DMADV
Organizational and committee structure
Marketing; influence without authority
Budgeting
Awareness and training
Policy framework

P. 7 IT Governance
COBIT
ITIL
ISO
M_o_R
CRAMM
MSP
PMBOK
PRINCE2
CMMI
Six Sigma

P. 8 Laws and Regulations
Legal concepts, e.g., evidence, eDiscovery
Which ones?
—SOX/Bill 198
—HIPAA
—GLBA
—PCI DSS
—Privacy
—Electronic evidence, e.g., FRCP

P. 9 Records Management
Legal requirements
Guidelines
Record retention policy
Retention schedules
Enabling technologies

P. 10 Ethics
“Tone at the Top”
Legal and regulatory requirements
Ethics topics
Ethical fallacies and dilemmas
Code of Conduct
Ethics plan

P. 11 Security
CIA
Compliance tools

P. 12 Privacy
Concepts
Privacy enhancing technologies (PET)

P. 13 Risk Management
Concepts
Definitions
Process
Quantitative vs. qualitative

P. 14 Control Self-Assessment
Concepts
Techniques
Surveys

P. 15 Investigations
Organization
Incident handling
Forensics
Reporting

P. 16 Performance Management
Process
Definitions
Metrics
Reporting
Maturity model?

P. 17 Solicitation
Would you like to help?

P. 18 Questions and Answers

Contact Information
Peter T. Davis, Principal
Peter Davis+Associates
Please Complete Your Session Evaluation