The information technology (IT) landscape continuously evolves, enabling organisations to adapt quickly to change, to be flexible, and to meet business demands. Through the utilisation of technologies such as cloud computing, an organisation could become more competitive and meet targets such as reduced costs, scalability, flexibility, capacity utilisation, higher efficiencies and mobility. Adequate and effective governance of systems and data goes hand in hand with the successful operation of an organisation. To ensure effective governance, organisations need to obtain a proper understanding of the benefits, risks and controls related to their IT systems and data.
The presentation provides an overview of cloud computing, governance in the cloud, and guidance to identify and evaluate cloud computing benefits, risks and controls.
Data has been described as the pollution of the information age. As organisations generate ever-increasing volumes of data, management need to get better control over how this data is created, maintained, used, shared with third parties, retained and destroyed. Regulations and legal requirements are forcing organisations to take more ownership and accountability for the information they hold on customers and employees. Additionally, as information becomes more valuable as a differentiator between organisations, those intent on compromising this information will continue attempts to breach data protection controls.
This session discusses key risks relating to data, the key stakeholders concerned about these risks, and a framework that organisations can use to get better governance and control over their data. The roles of data handlers, data processors, data owners and data custodians in safeguarding corporate data will also be discussed.
Finally, emerging trends in IT relating to data handling, such as social media, cloud computing and mobile computing, will be discussed, along with their implications for reducing data governance risks.
To comply or not to comply? That’s not the question to ask anymore. As there is increased pressure to comply with PCI DSS, and the role of internal audit becomes more important in this area, we explore ways for companies to achieve compliance in a pragmatic yet effective way. PCI DSS 2.0 is now upon us and has changed how organisations think about their compliance strategies; however, many companies still struggle to comply and to manage both internal and external stakeholders effectively.
The session will discuss practical steps to follow to help focus your PCI DSS initiatives and ensure that they are on track to achieve wider risk management objectives and add further business value. We provide an overview of the key changes within the PCI DSS 2.0 standard. We explore new technologies such as virtualisation, tokenisation, end-to-end encryption and cloud computing, and investigate how they can be embraced to help companies comply with the standard and what impact they may have on mitigation strategies. We also discuss key steps to take to prepare for a QSA or Internal Audit assessment, and present common pitfalls to avoid whilst travelling along the PCI compliance journey.