I am working on a white-paper that covers the disconnect between the formal audit process and the technical safeguards implemented to ensure internal controls are adequate. As you may have read in part 1 of this article series, where I talked about the missing element, this is a continuation delving deeper into the problem. Thoughts? Comments?
“In the wake of undisclosed data breaches and public information exposure, regulatory compliance and security audit standards are becoming ever more important in protecting critical assets.
However, despite this recent upsurge in attacks, internal controls seem to fail when it comes to the assurance that critical assets remain uncompromised. Therefore, better standards need to be developed and taken into consideration when going through the formal process to become SOX, GLB, PCI or HIPAA compliant.
This is crucial, especially taking into consideration that criminals are in it for monetary gain; in other words, we have an evolution towards hacking for profit that completely changes the rules of the game.
Corporations just can’t afford to take short-cuts when it comes to information assurance; otherwise it is almost certain that one will become a victim of a serious exposure of private and confidential data. This paper will explore the several disconnects between established and accepted security audit frameworks and the factor of unnoticed infection points.”