Artikel & White Paper

White Paper
Secure Passage through a World of Technological Threats
A Guide to Meeting Emerging Security Requirements by Employing Endpoint Security Solutions
July 2007

Endpoint Security and IT Governance

Information Technology Governance, IT Governance or ICT Governance brings a shift of focus in what IT-wise decision-making standards are concerned. While emphasizing the need for desirable behavior in the use of IT within companies, this new concept relates the performance and effective risk management of information technology systems to choosing decision makers carefully and not limiting them to IT departments. The rising interest in IT governance is partly due to compliance initiatives (e.g. Sarbanes-Oxley, Basel II), as well as the acknowledgement that IT projects can easily pose critical security issues and profoundly affect the performance of an organization.
The traditional handling of IT management by board-level executives is, that due to limited technical experience and IT complexity, key decisions are deferred to IT professionals. IT governance implies a system in which all stakeholders, including the board, internal customers and related areas such as finance, have the necessary input into the decision making process. This prevents a single stakeholder, typically IT, being blamed for poor decisions. It also prevents users from later complaining that the system does not behave or perform as expected and/or required.
The primary goals for information technology governance are to (1) assure that the investments in IT generate business value, and (2) mitigate the risks that are associated with IT. This can be done by implementing an organizational structure with well-defined roles for the responsibility of information, business processes, applications, infrastructure, etc. Moreover, adhering to different business standards, be it legal or best practices recommendations, is an important part of IT Governance.

CoSoSys’ Endpoint Security Solutions can help your enterprise meet the requirements of the following legislation acts, international standards and compliance initiatives:

HIPAA (US)
In 1996, Congress enacted the Health Insurance Portability and Accountability Act (HIPAA). A key goal of HIPAA is to protect medical records by establishing transaction standards for the exchange of health information, security standards, and privacy standards for the use and disclosure of individually identifiable health information.

SOX (US)
The Sarbanes-Oxley (SOX) Act of 2002 was developed to protect investors by improving the accuracy and reliability of corporate disclosure. Section 404 of the Act requires all public companies to assess and report on the effectiveness of internal controls and procedures for financial reporting, including access and dissemination of sensitive financial information.

GLBA (US)
The Gramm-Leach-Bliley Act, also knows as GLBA, seeks to protect the personal information of consumers stored in financial institutions. The Act requires all financial institutions to implement and maintain security measures to protect customer information and prevent unauthorized access and use of customer records.

White Paper Kostenlost als PDF herunterladen Name and E-mail address are required